npmpackage.info

Gathering detailed insights and metrics for winston3-logstash-transport

Other packages similar to winston3-logstash-transport

winston3-logstash-udp

0.0.7

A Logstash UDP transport for winston

winston3-logstash-transport-types

1.0.1

type definitions for winston3-logstash-transport

@caal-15/winston3-logstash-transport

1.0.4

A winston@3 replacement for both winston-logstash and winston-logstash-udp to facilitate either TCP or UDP traffic to logstash

@mistereo/winston3-logstash-transport

1.2.0

A winston@3 replacement for both winston-logstash and winston-logstash-udp to facilitate either TCP or UDP traffic to logstash

Gathering detailed insights and metrics for winston3-logstash-transport

winston3-logstash-transport - 1.2.3 | npmpackage.info

winston3-logstash-transport

A winston@3 replacement for winston-logstah and winston-logstash-udp

1.2.3

MIT

JavaScript

29.09 kB

469,956 2.6

Installations

npm install winston3-logstash-transport

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

14.16.0

NPM Version

6.14.11 Score

74.1

Supply Chain

100

Quality

74.7

Maintenance

100

Vulnerability

99.3

License

Pull Requests

Open

9

Total

18

Closed

9

Issues

Open

4

Total

8

Closed

4

Releases

Unable to fetch releases

Languages

JavaScript

JavaScript (100%)

Developer

OutofSyncStudios

Download Statistics

Total Downloads

469,956

Last Day

Last Week

1,465

Last Month

6,099

Last Year

103,351

GitHub Statistics

MIT License

8 Stars

43 Commits

13 Forks

1 Watchers

11 Branches

1 Contributors

Updated on Jul 11, 2024

Bundle Size

96.00 kB

Minified

29.09 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 1 Contributors

Package Meta Information

Latest Version

1.2.3

Package Id

winston3-logstash-transport@1.2.3

Unpacked Size

40.11 kB

Size

12.22 kB

File Count

NPM Version

6.14.11

Node Version

14.16.0

Total Downloads

Cumulative downloads

Total Downloads

469,956

Last Day

237.5%

Compared to previous day

Last Week

-11.3%

1,465

Compared to previous week

Last Month

-7.6%

6,099

Compared to previous month

Last Year

-7.6%

103,351

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

lodash.foreach lodash.merge winston-transport

Dev Dependencies

ajv chai codacy-coverage eslint gulp gulp-eslint gulp-jsdoc3 gulp-mocha gulp-prettier husky mocha nyc prettier winston

winston3-logstash-transport

A winston@3 transport for LogStash.

This winston transport has been rewritten from both winston-logastah and winston-logstash-udp to use the new Transport behavior from winston@3.

Where possible, this has been updated to mimic the behaviors of the original modules. There are some changes that have been made to allow the transport to handle either TCP or UDP connections to LogStash, instead of being dedicated to a single transport-layer protocol.

Usage

1const Winston = require('winston');
2const WinstonLogStash = require('winston3-logstash-transport');
3
4const logger = Winston.createLogger();
5
6logger.add(new WinstonLogStash({
7  mode: 'udp',
8  host: '127.0.0.1',
9  port: 28777
10}));
11
12logger.error('Some Error');

API

constructor(options)

Create a new Logstash Transport

options

Name	Type	Description	Valid Values	Default	TCP	UDP
`mode`	string	The protocol to use to connect to LogStash. `tcp` is an alias for `tcp4` and `udp` is an alias for `udp4`.	`udp` `udp4` `udp6` `tcp` `tcp4` `tcp6`	`'udp4'`	✔️	✔️
`localhost`	string	The hostname sent to LogStash	Any	`os.hostname`	✔️	✔️
`host`	string	The LogStash server ip or hostname	Any valid IP or host address	`127.0.0.1` (ip4) `::0` (ip6)	✔️	✔️
`port`	integer	The LogStash server port number	Any integer	`28777`	✔️	✔️
`applicationName`	string	The application name sent to LogStash	Any	`process.title`	✔️	✔️
`pid`	string	The Operating System process ID for this process	Any valid PID	`process.pid`	✔️	✔️
`silent`	boolean	Offline/Silent mode enabled		`false`	✔️	✔️
`maxConnectRetries`	integer	The number of attempts to reconnect to make before erroring out	Any integer	`4`	✔️	✔️
`timeoutConnectRetries`	integer	The number of milliseconds to wait between connection attempts	Any integer	`100`	✔️	✔️
`label`	string	The LogStash label to send with the information	Any	`process.title`	✔️	✔️
`sslEnable`	boolean	Whether SSL/TLS connection should be attempted when connecting via TCP		`false`	✔️
`sslKey`	filepath	The filepath to the SSL Key	Any valid filepath	`''`	✔️
`sslCert`	filepath	The filepath to the SSL Cert	Any valid filepath	`''`	✔️
`sslCA`	filepath or Array(filepaths)	The filepath(s) to the Certificat Authority (CA) Intermediary Certs	Any valid filepath(s)	`''`	✔️
`sslPassPhrase`	string	The SSL Cert PassPhrase (if any)	Any	`''`	✔️
`rejectUnauthorized`	boolean	Enable connection rejection when cert is not valid		`false`	✔️
`trailingLineFeed`	boolean	Enable appending end of line character to UDP output		`false`		✔️
`trailingLineFeedChar`	string	The type of end of line character(s) to append to UDP output	Any	`os.EOL`		✔️
`formatted`	boolean	Enable/Disable delivery of standard pre-formatted JSON payloads. See Message Payloads for more info.		`true`	✔️	✔️

Message Payloads

By default or when options.formatted is explicitly set true, this module delivers a standard message payload to logstash as follows:

1{
2  "timestamp": new Date().toISOString(), // The time the payload was created
3  "message": "",                         // JSON Stringified version of your message
4  "level": "",                           // The logger level of the message
5  "label": `${options.label}`,
6  "application": `${options.applicationName}`,
7  "serverName": `${options.localhost}`,
8  "pid": `${options.pid}`
9}

In this case when the log message is a string, boolean, or Number value, then the message is a stringified as:

1{
2  "data": `${message}`
3}

If options.formatted is set to false, then the entire Winston log message object is JSON.stringified and then set to logstash.

Logstash Configuration

Having logstash ingest preformatted messages delivered by this module can be done with a configuration file similar to below:

1input {
2  # Sample input over TCP
3  tcp {
4    codec => json
5    port => 28777
6    add_field => { "category" => "winston_log" }
7  }
8}
9filter {
10  if [category] == "winston_log" {
11    json {
12      source => "message"
13    }
14    json {
15      source => "data"
16      remove_field => [ "[headers][secret]", "[headers][apikey]" ]
17    }
18  }
19}
20output {
21  if [category] == "winston_log" {
22    stdout {
23      codec => json
24    }
25    elasticsearch {
26      id => "winston_log_tcp"
27      index => "winston_log-%{+YYYY.MM.dd}"
28      hosts => ["192.168.1.1:9200"] # Use the address of your Elasticsearch server
29    }
30  }
31}

License

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

2

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 2

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-merge.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/auto-merge.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-merge.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/auto-merge.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-merge.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/auto-merge.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-develop.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/build-develop.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-develop.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/build-develop.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-develop.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/build-develop.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-develop.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/build-develop.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-develop.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/build-develop.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-master.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/build-master.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-master.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/build-master.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-master.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/build-master.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-master.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/build-master.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-master.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/OutOfSyncStudios/winston-logstash-transport/build-master.yml/master?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/build-develop.yml:39
Warn: npmCommand not pinned by hash: .github/workflows/build-master.yml:39
Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 7 third-party GitHubAction dependencies pinned
Info: 3 out of 5 npmCommand dependencies pinned

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

SAST

Determines if the project uses static code analysis.

0

Fuzzing

Determines if the project uses fuzzing.

0

Security-Policy

Determines if the project has published a security policy.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

43 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-6vfc-qv3f-vr6c
Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-8hfj-j24r-96c4
Warn: Project is vulnerable to: GHSA-wc69-rhjr-hc9g
Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-rjqq-98f6-6j3r
Warn: Project is vulnerable to: GHSA-mjxr-4v3x-q3m4
Warn: Project is vulnerable to: GHSA-cgfm-xwp7-2cvr
Warn: Project is vulnerable to: GHSA-rm97-x556-q36h
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-mxhp-79qh-mcx6
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp

Score

2.6

/10

Last Scanned on 2025-06-23

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More