Installations
npm install network-error-loggingScore
68.2
Supply Chain
74.1
Quality
75.7
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Developer
Cherry
Developer Guide
Module System
CommonJS
Min. Node Version
>=12
Typescript Support
Yes
Node Version
12.18.2
NPM Version
6.14.8
Statistics
5 Stars
344 Commits
4 Forks
3 Watching
4 Branches
3 Contributors
Updated on 29 Sept 2024
Languages
JavaScript (57.46%)
TypeScript (42.54%)
Total Downloads
Cumulative downloads
Total Downloads
76,757
Last day
90.9%
63
Compared to previous day
Last week
-4.4%
219
Compared to previous week
Last month
15.2%
925
Compared to previous month
Last year
-29%
10,108
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Network Error Logging
This is Express middleware to set the NEL HTTP response header. You can read more about it here.
To use:
1const NEL = require('network-error-logging') 2 3// ... 4 5app.use(NEL({ 6 report_to: 'endpoint-1', // REQUIRED to register. OPTIONAL if intention is to remove a previous registration. defined in the Report-To header 7 max_age: 31_536_000, // REQUIRED. seconds 8 include_subdomains: true, // OPTIONAL 9 success_fraction: 0.5, // OPTIONAL. sampling rate 10 failure_fraction: 0.5, // OPTIONAL. sampling rate 11 request_headers: ["If-None-Match"], // OPTIONAL. request headers whose names and values are included in the network error reports 12 response_headers: ["ETag"] // OPTIONAL. response headers whose names and values are included in the network error reports 13}))
For further documentation on each field, see https://w3c.github.io/network-error-logging/#nel-response-header.
This header is best set with a previously defined Report-To group. This module is a great way to do that.
https://report-uri.com/ is a great reporting platform for monitoring CSP, NEL, etc. error logs.
License
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 10 commits out of 23 are checked with a SAST tool
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Reason
2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Reason
Found 0/8 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/Cherry/network-error-logging/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Cherry/network-error-logging/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/Cherry/network-error-logging/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/Cherry/network-error-logging/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/Cherry/network-error-logging/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/Cherry/network-error-logging/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/Cherry/network-error-logging/test.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:18
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Score
3.8
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to network-error-logging
micro-ftch
Wrappers for built-in fetch() enabling killswitch, logging, concurrency limit and other features
reporting-api
Roll your own Reporting API collector. Supports CSP, COEP, COOP, Document-Policy, Crash reports, Deprecation reports, Intervention reports and Network Error Logging
loglevel
Minimal lightweight logging for JavaScript, adding reliable log level methods to any available console.log methods
winston
A logger for just about everything.