Package Exports
- @transloadit/sev-logger
- @transloadit/sev-logger/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@transloadit/sev-logger) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
Even though this module is publicly accessible, we do not recommend using it in projects outside of Transloadit. We won't make any guarantees about its workings and can change things at any time, we won't adhere strictly to SemVer.
This module is maintained from a monorepo called monolib.
Overview
@transloadit/sev-logger is a lightweight, printf-style logger with:
- syslog-like levels (
EMERG..TRACE) and breadcrumbs - breadcrumb nesting that auto-pads prefixes so multi-logger output aligns
- structured events (
logger.event) alongside formatted lines - optional timestamps, hostnames, callsites, and clickable paths (each path segment is clickable)
- built-in redaction of secrets (enabled by default)
- ESM/CJS friendly, no runtime deps beyond Node
- Node.js only (browser not supported today)
Install
yarn add @transloadit/sev-logger
# or
npm install @transloadit/sev-loggerQuickstart
import { SevLogger } from '@transloadit/sev-logger'
const log = new SevLogger({ breadcrumbs: ['api'] })
log.info('listening on %s', 'http://localhost:3000')
log.event(SevLogger.LEVEL.NOTICE, {
event: 'user.login',
userId: 42,
})Redaction (on by default)
Secrets are masked before anything is written to stdout/stderr/files. Defaults include:
- Field names:
token,secret,password,pass,authorization,auth,api_key,x-api-key,cookie,session,bearer, … - Patterns: Slack tokens, Bearer/JWT-like strings, AWS AKIA/ASIA keys
Optional heuristics (disabled by default, can be noisy in paths):
- Generic 32+ char base64ish strings (including slashy tokens)
- High-entropy fallback for token-like strings
Works for formatted logs and event() payloads, even when fields are abbreviated.
To opt back into heuristic redaction, set redact: { heuristics: true } (and optionally entropy: true).
Repeated references and cycles are preserved (no stack overflows, shared refs stay shared). Non-plain objects such as Date, URL, RegExp, Map, Set, custom classes, and Error/AggregateError causes are retained.
Basic usage (default redaction on):
const log = new SevLogger({ breadcrumbs: ['botty'] })
log.info('token: %s', process.env.SLACK_BOT_TOKEN) // => token: [redacted]
log.event(SevLogger.LEVEL.INFO, {
event: 'botty.start',
headers: { Authorization: `Bearer ${process.env.SLACK_BOT_TOKEN}` },
}) // => headers.Authorization: "[redacted]"Configuration (override defaults):
const log = new SevLogger({
redact: {
enabled: true, // default true
replacement: '[redacted]',
keepLast: 4, // tail to keep visible, default 4
fields: ['sessionId'], // extra field names to always mask (case-insensitive)
patterns: [/SUPERSECRET\w+/g], // extra regexes
heuristics: false, // enable heuristic token redaction, default false
entropy: false, // mask random high-entropy strings (defaults to heuristics)
custom: [(
value, path, // path = ['payload', 'headers', 'authorization'] etc.
) => (typeof value === 'string' ? value.replace(/abc/g, '***') : value)],
},
})
// Opt-out completely
const noRedact = new SevLogger({ redact: false })Events vs formatted lines
logger.info('File %s', '/tmp/foo')— printf-style with%s/%r/%cfor strings/paths/clickables.logger.event(level, { event: 'upload.finished', userId, size })— emitseventname + JSON payload (with optional key abbreviations).
Testing
cd packages/sev-logger
yarn testMaintenance
This package is published via automated CI.