akamai-edgegrid 3.5.6 → 4.0.1

package/CHANGELOG.md

@@ -1,5 +1,31 @@
 # Release notes
 
+## 4.0.1 (Mar 4, 2026)
+
+### Features/Enhancements
+
+* Updated various dependencies.
+
+## 4.0.0 (Dec 4, 2025)
+
+### Breaking Changes
+
+* Replaced `log4js` with `pino` for logging and removed the `log4js` dependency.
+* Updated logging configuration with the following environment variables:
+    * `AKAMAI_LOG_LEVEL` - controls log severity. Possible values are: `fatal`, `error`, `warn`, `info`, `debug`, or `trace`. Defaults to `info`.
+    * `AKAMAI_LOG_PRETTY` - enables pretty-printed, human-readable log format when set to `true`. Defaults to `false`.
+* Logging is now disabled by default, ensuring zero logging unless explicitly enabled.
+* Introduced the `enableLogging(option)` function to programmatically control logging:
+    * Passing `true` enables logging based on environment variables.
+    * Passing a valid "pino-like" logger object sets the current logger. Custom loggers must implement the `info`, `debug`, `error`, and `warn` methods.
+* Exported `enableLogging` for external use, replacing the previous default `logger` export.
+* Removed support for the `EG_VERBOSE` environment variable; Axios interceptors now always log at the `debug` level.
+* Removed support for the `debug` parameter from the EdgeGrid constructor; debugging is now fully managed through `enableLogging()`.
+
+### Features/Enhancements
+
+* Updated various dependencies.
+
 ## 3.5.6 (Oct 15, 2025)
 
 ### Bug fixes
@@ -11,7 +37,7 @@
 ### Features/Enhancements
 
 * Updated various dependencies.
-* Removed support for Node.js versions 18, 21 and 23.
+* Removed support for Node.js versions 18, 21, and 23.
 
 ## 3.5.4 (Jul 24, 2025)
 

package/LICENSE

@@ -176,7 +176,7 @@ recommend that a file or class name and description of purpose be included on
 the same "printed page" as the copyright notice for easier identification within
 third-party archives.
 
-   Copyright 2025 Akamai Technologies, Inc. All rights reserved.
+   Copyright 2026 Akamai Technologies, Inc. All rights reserved.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use these files except in compliance with the License.

package/README.md

@@ -14,7 +14,7 @@ You can find the most up-to-date package in [NPM](https://www.npmjs.com/package/
 
 You can obtain the authentication credentials through an API client. Requests to the API are marked with a timestamp and a signature and are executed immediately.
 
-1. [Create authentication credentials](https://techdocs.akamai.com/developer/docs/set-up-authentication-credentials).
+1. [Create authentication credentials](https://techdocs.akamai.com/developer/docs/edgegrid).
 
 2. Place your credentials in an EdgeGrid file `~/.edgerc`, in the `[default]` section.
 
@@ -168,6 +168,63 @@ eg.auth({
 });
 ```
 
+### Logging
+The library supports configurable logging through the `enableLogging()` method.
+
+- Enable logging with environment variables.
+  - `AKAMAI_LOG_LEVEL`. Sets the verbosity level of the emitted log messages. Valid values are `error`, `warn`, `info`, `debug`, `fatal`, and `trace`. Default to `info.`
+  - `AKAMAI_LOG_PRETTY`. Controls whether the log output is formatted in a human-friendly way. Valid values are `true` or `false`. Defaults to `false`.
+
+  ```javascript
+  const edgeGrid = require('akamai-edgegrid');
+
+  // Set environment variables before enabling logging
+  process.env.AKAMAI_LOG_LEVEL = 'debug';
+  process.env.AKAMAI_LOG_PRETTY = 'true';
+
+  var eg = new EdgeGrid({
+      path: '/path/to/.edgerc', 
+      section: '<section-header>'
+  });
+  eg.enableLogging(true);
+  ```
+
+- Disable logging.
+
+  ```javascript
+  const edgeGrid = require('akamai-edgegrid');
+  var eg = new EdgeGrid({
+      path: '/path/to/.edgerc',
+      section: '<section-header>'
+  });
+  eg.enableLogging(false);
+  ```
+
+- Add a custom logger.
+  - You can also pass a custom logger object to the `enableLogging()` method. The object must have the `info`, `debug`, `error`, and `warn` methods.
+  - If you pass a logger object that doesn't implement the required methods, you'll get an error.
+
+  ```javascript
+  const edgeGrid = require('akamai-edgegrid');
+  // custom logger
+  const logger = {
+    info: (msg, ...args) => console.log('INFO:', msg, ...args),
+    debug: (msg, ...args) => console.log('DEBUG:', msg, ...args),
+    error: (msg, ...args) => console.error('ERROR:', msg, ...args),
+    warn: (msg, ...args) => console.warn('WARN:', msg, ...args)  
+  };
+
+  var eg = new EdgeGrid({
+      path: '/path/to/.edgerc',
+      section: '<section-header>'
+  });
+
+  eg.enableLogging(logger); // Pass the custom logger 
+
+  logger.info('Using custom logger for logging.');
+  logger.error('An error occurred!');
+  ```
+
 ### Proxy
 
 To use edgegrid with proxy, you can configure it with one of these methods:
@@ -203,36 +260,13 @@ To use edgegrid with proxy, you can configure it with one of these methods:
   $ node myapp.js
   ```
 
-### Debug
-
-Enable debugging to get additional information about a request. You can configure this with one of these methods:
-
-- Add the `debug` argument to the `EdgeGrid()` method.
-
-  ```javascript
-  var eg = new EdgeGrid({
-    path: '/path/to/.edgerc',
-    section: 'section-header'
-    debug: true
-  });
-  ```
-
-- Set the `EG_VERBOSE` environment variable.
-
-  ```shell
-  $ export EG_VERBOSE=true
-  $ node src/main.js
-  ```
-
-
-
 ## Reporting issues
 
 To report an issue or make a suggestion, create a new [GitHub issue](https://github.com/akamai/AkamaiOPEN-edgegrid-node/issues).
 
 ## License
 
-Copyright 2025 Akamai Technologies, Inc. All rights reserved.
+Copyright 2026 Akamai Technologies, Inc. All rights reserved.
 
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use these files except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
 

package/npm.log

@@ -0,0 +1,76 @@
+
+added 395 packages, and audited 396 packages in 3s
+
+73 packages are looking for funding
+  run `npm fund` for details
+
+10 vulnerabilities (1 low, 9 high)
+
+To address issues that do not require attention, run:
+  npm audit fix
+
+To address all issues (including breaking changes), run:
+  npm audit fix --force
+
+Run `npm audit` for details.
+# npm audit report
+
+axios  1.0.0 - 1.13.4
+Severity: high
+Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig - https://github.com/advisories/GHSA-43fc-jf86-j433
+fix available via `npm audit fix`
+node_modules/axios
+
+diff  6.0.0 - 8.0.2
+jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch - https://github.com/advisories/GHSA-73rr-hh4g-fpgx
+fix available via `npm audit fix`
+node_modules/diff
+  mocha  >=1.10.0
+  Depends on vulnerable versions of diff
+  Depends on vulnerable versions of glob
+  Depends on vulnerable versions of minimatch
+  node_modules/mocha
+
+minimatch  <10.2.1
+Severity: high
+minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
+fix available via `npm audit fix --force`
+Will install nyc@10.1.2, which is a breaking change
+node_modules/minimatch
+node_modules/nyc/node_modules/minimatch
+node_modules/rimraf/node_modules/minimatch
+node_modules/test-exclude/node_modules/minimatch
+  glob  3.0.0 - 10.5.0
+  Depends on vulnerable versions of minimatch
+  node_modules/glob
+  node_modules/nyc/node_modules/glob
+  node_modules/rimraf/node_modules/glob
+  node_modules/test-exclude/node_modules/glob
+    nyc  *
+    Depends on vulnerable versions of glob
+    Depends on vulnerable versions of istanbul-lib-processinfo
+    Depends on vulnerable versions of rimraf
+    Depends on vulnerable versions of spawn-wrap
+    Depends on vulnerable versions of test-exclude
+    node_modules/nyc
+    rimraf  2.3.0 - 3.0.2 || 4.2.0 - 5.0.10
+    Depends on vulnerable versions of glob
+    node_modules/rimraf
+      istanbul-lib-processinfo  *
+      Depends on vulnerable versions of rimraf
+      node_modules/istanbul-lib-processinfo
+      spawn-wrap  >=0.0.1
+      Depends on vulnerable versions of rimraf
+      node_modules/spawn-wrap
+    test-exclude  4.2.2 || >=5.0.0
+    Depends on vulnerable versions of glob
+    Depends on vulnerable versions of minimatch
+    node_modules/test-exclude
+
+10 vulnerabilities (1 low, 9 high)
+
+To address issues that do not require attention, run:
+  npm audit fix
+
+To address all issues (including breaking changes), run:
+  npm audit fix --force

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "akamai-edgegrid",
-  "version": "3.5.6",
+  "version": "4.0.1",
   "description": "Authentication handler for the Akamai OPEN EdgeGrid Authentication scheme in Node.js",
   "main": "index.js",
   "scripts": {
@@ -17,16 +17,20 @@
     "api",
     "edgegrid"
   ],
+  "exports": {
+    ".": "./index.js"
+  },
   "license": "Apache-2.0",
   "dependencies": {
     "axios": "^1.1.2",
-    "log4js": "^6.4.0"
+    "pino": "^9.6.0"
   },
   "devDependencies": {
     "mocha": "^11.0.1",
     "mocha-junit-reporter": "^2.1.0",
     "nock": "^14.0.6",
-    "nyc": "^17.0.0",
+    "nyc": "^18.0.0",
+    "pino-pretty": "^13.0.0",
     "tsd": "^0.33.0"
   }
 }

package/src/api.js

@@ -2,7 +2,7 @@ const axios = require('axios'),
     auth = require('./auth'),
     edgerc = require('./edgerc'),
     helpers = require('./helpers'),
-    logger = require('./logger');
+    { enableLogging, getLogger } = require('./logger');
 
 /**
  *
@@ -10,12 +10,11 @@ const axios = require('axios'),
  * @param {String} client_secret     The client secret value from the .edgerc file.
  * @param {String} access_token      The access token value from the .edgerc file.
  * @param {String} host              The host a unique string followed by luna.akamaiapis.net from the .edgerc file.
- * @param {Boolean} debug            The debug value allows to enable debugging.
  * @param {Number} max_body          This value is deprecated.
  * @constructor
  * @deprecated max_body
  */
-const EdgeGrid = function (client_token, client_secret, access_token, host, debug, max_body) {
+const EdgeGrid = function (client_token, client_secret, access_token, host, max_body) {
     // accepting an object containing a path to .edgerc and a config section
     if (typeof arguments[0] === 'object') {
         let edgercPath = arguments[0];
@@ -23,16 +22,16 @@ const EdgeGrid = function (client_token, client_secret, access_token, host, debu
     } else {
         this._setConfigFromStrings(client_token, client_secret, access_token, host);
     }
-    if (process.env.EG_VERBOSE || debug || (typeof arguments[0] === 'object' && arguments[0].debug)) {
-        axios.interceptors.request.use(request => {
-            console.log('Starting Request', request);
-            return request;
-        });
-        axios.interceptors.response.use(response => {
-            console.log('Response:', response);
-            return response;
-        });
-    }
+
+    axios.interceptors.request.use(request => {
+        getLogger().debug({ request }, 'Starting request');
+        return request;
+    });
+
+    axios.interceptors.response.use(response => {
+        getLogger().debug({ response }, 'Received response');
+        return response;
+    });
 };
 
 /**
@@ -143,7 +142,7 @@ function validatedArgs(args) {
 
     expected.forEach(function (arg, i) {
         if (!args[i]) {
-            logger.error('No defined ' + arg);
+            getLogger().error({ arg }, 'No defined argument');
             valid = false;
         }
     });
@@ -161,4 +160,17 @@ EdgeGrid.prototype._setConfigFromObj = function (obj) {
     this.config = edgerc(obj.path, obj.section);
 };
 
+/**
+ * Enables logging based on the provided option.
+ *
+ * @param {boolean|object} option - If true, configures the logger using environment variables.
+ *                                  If a valid object, uses it as the logger instance.
+ *                                  If false, disables logging.
+ * @return EdgeGrid object (self)
+ */
+EdgeGrid.prototype.enableLogging = function(option) {
+    enableLogging(option);
+    return this;
+};
+
 module.exports = EdgeGrid;

package/src/auth.js

@@ -1,6 +1,6 @@
 const { randomUUID } = require('crypto'),
     helpers = require('./helpers'),
-    logger = require('./logger'),
+    { getLogger } = require('./logger'),
     url = require('url');
 
 /**
@@ -36,11 +36,11 @@ function makeAuthHeader(request, clientToken, accessToken, clientSecret, timesta
 
     authHeader = 'EG1-HMAC-SHA256 ' + joinedPairs;
 
-    logger.info('Unsigned authorization header: ' + authHeader + '\n');
+    getLogger().info({ authHeader }, 'Unsigned authorization header');
 
     signedAuthHeader = authHeader + 'signature=' + helpers.signRequest(request, timestamp, clientSecret, authHeader, maxBody);
 
-    logger.info('Signed authorization header: ' + signedAuthHeader + '\n');
+    getLogger().info({ signedAuthHeader }, 'Signed authorization header');
 
     return signedAuthHeader;
 }

package/src/edgerc.js

@@ -1,5 +1,5 @@
 const fs = require('fs'),
-    logger = require('./logger'),
+    { getLogger } = require('./logger'),
     helpers = require('./helpers');
 
 function getSection(lines, sectionName) {
@@ -41,7 +41,7 @@ function validatedConfig(config) {
                 errorMessage += "\nMissing: " + token;
             }
         });
-        console.log('Missing part of the configuration:\n' + errorMessage);
+        getLogger().error({ errorMessage }, 'Missing part of the configuration');
         return {};
     }
 
@@ -91,6 +91,7 @@ function buildObj(configs) {
 }
 
 function readEnv(section) {
+    var logger = getLogger();
     const requiredKeys = ["HOST", "ACCESS_TOKEN", "CLIENT_TOKEN", "CLIENT_SECRET"],
         prefix = !section || section === "default" ? "AKAMAI_" : "AKAMAI_" + section.toUpperCase() + "_",
         envConfig = {};
@@ -99,7 +100,7 @@ function readEnv(section) {
     for (const key of requiredKeys) {
         const varName = prefix + key;
         if (!process.env[varName]) {
-            logger.debug("Environment variable not set: " + varName);
+            logger.debug({ varName }, 'Environment variable not set');
             continue;
         }
         envConfig[key.toLowerCase()] = process.env[prefix + key];
@@ -107,7 +108,7 @@ function readEnv(section) {
     if (Object.keys(envConfig).length < requiredKeys.length) {
         return {};
     }
-    console.log("Using configuration from environment variables");
+    logger.info('Using configuration from environment variables');
     return validatedConfig(envConfig);
 }
 

package/src/helpers.js

@@ -1,5 +1,5 @@
 const crypto = require('crypto'),
-    logger = require('./logger'),
+    { getLogger } = require('./logger'),
     path = require('path'),
     os = require('os');
 const MAX_BODY = 131072
@@ -29,7 +29,7 @@ module.exports = {
             '+0000';
     },
     contentHash: function (request) {
-
+        var logger = getLogger()
         let contentHash = '',
             preparedBody = request.body || '',
             isTarball = preparedBody instanceof Uint8Array && request.headers['Content-Type'] === 'application/gzip';
@@ -51,27 +51,31 @@ module.exports = {
             request.body = preparedBody; // Is this required or being used?
         }
 
-        logger.info('Body is \"' + preparedBody + '\"');
-        logger.debug('PREPARED BODY LENGTH', preparedBody.length);
+        logger.info({ body: preparedBody }, 'Body');
+        logger.debug({ length: preparedBody.length }, 'Prepared body length');
 
         if (request.method === 'POST' && preparedBody.length > 0) {
 
-            logger.info('Signing content: \"' + preparedBody + '\"');
+            logger.info({ body: preparedBody }, 'Signing content');
 
             // If body data is too large, cut down to max-body size which is const value
             if (preparedBody.length > MAX_BODY) {
-                logger.warn('Data length (' + preparedBody.length + ') is larger than maximum ' + MAX_BODY);
+                logger.warn({
+                    length: preparedBody.length,
+                    maxAllowed: MAX_BODY,
+                }, 'Data length exceeds maximum allowed');
+
                 if (isTarball)
                     preparedBody = preparedBody.slice(0, MAX_BODY);
                 else
                     preparedBody = preparedBody.substring(0, MAX_BODY);
-                logger.info('Body truncated. New value \"' + preparedBody + '\"');
+                logger.info({ newBody: preparedBody }, 'Body truncated');
             }
 
-            logger.debug('PREPARED BODY', preparedBody);
+            logger.debug({ preparedBody }, 'Prepared body content');
 
             contentHash = this.base64Sha256(preparedBody);
-            logger.info('Content hash is \"' + contentHash + '\"');
+            logger.info({ hash: contentHash }, 'Content hash is');
         }
 
         return contentHash;
@@ -100,7 +104,7 @@ module.exports = {
 
         const dataToSignStr = dataToSign.join('\t').toString();
 
-        logger.info('Data to sign: "' + dataToSignStr + '" \n');
+        getLogger().info({ data: dataToSignStr }, 'Data to sign');
 
         return dataToSignStr;
     },
@@ -180,7 +184,7 @@ module.exports = {
     signingKey: function (timestamp, clientSecret) {
         const key = this.base64HmacSha256(timestamp, clientSecret);
 
-        logger.info('Signing key: ' + key + '\n');
+        getLogger().info({ key }, 'Signing key used');
 
         return key;
     },

package/src/logger.js

@@ -1,12 +1,82 @@
-const log4js = require('log4js'),
-    logger = log4js.getLogger();
+const pino = require('pino');
 
-if (!process.env.LOG4JS_CONFIG) {
-  logger.level = log4js.levels.ERROR;
+const VALID_LEVELS = ['fatal', 'error', 'warn', 'info', 'debug', 'trace', 'silent'];
+
+const silentLogger = createLogger({level: 'silent'});
+
+// zero logging by default.
+let currentLogger = silentLogger;
+
+/**
+ * Enables logging based on the provided option.
+ *
+ * @param {boolean|object} option - If true, configures the logger using environment variables.
+ *                                  If an valid object, uses it as the logger instance.
+ *                                  Otherwise, reverts to silent logging.
+ */
+function enableLogging(option) {
+    if (option === true) {
+        const envLogLevel = process.env.AKAMAI_LOG_LEVEL || 'info';
+        if (!VALID_LEVELS.includes(envLogLevel)) {
+            throw new Error(`Invalid AKAMAI_LOG_LEVEL value "${envLogLevel}". Expected one of: ${VALID_LEVELS.join(', ')}.`);
+        }
+        currentLogger = createLogger({
+            level: envLogLevel,
+            pretty: process.env.AKAMAI_LOG_PRETTY === 'true'
+        });
+    } else if (option === false) {
+        currentLogger = silentLogger;
+    } else if (isValidLoggerObject(option)) {
+        currentLogger = option;
+    } else {
+        throw new Error('Invalid argument passed to enableLogging. Expected true, false, or a logger object.');
+    }
+}
+
+/**
+ * Checks if the provided object implements the necessary logger methods.
+ *
+ * @param {Object} option - The object to validate.
+ * @returns {boolean} - Returns true if the object is a valid logger, false otherwise.
+ */
+function isValidLoggerObject(option) {
+    return ['info', 'debug', 'error', 'warn'].every(fn => typeof option[fn] === 'function');
+}
+
+/**
+ * Creates and configures a Pino logger instance.
+ *
+ * @param {Object} options - Configuration options for the logger.
+ * @param {string} [options.level='info'] - The minimum level of logs to output.
+ * @param {boolean} [options.pretty=false] - Whether to enable pretty-printing of logs.
+ * @returns {Object} - Configured Pino logger instance.
+ */
+function createLogger({level = 'info', pretty = false} = {}) {
+    return pino({
+        level,
+        timestamp: () => `,"time":"${new Date().toISOString()}"`,
+        transport: pretty ? {
+            target: 'pino-pretty',
+            options: {
+                colorize: true,
+                translateTime: 'yyyy-mm-dd HH:MM:ss.l',
+                ignore: 'pid,hostname'
+            }
+        } : undefined
+    });
+}
+
+/**
+ * Returns the current logger instance.
+ */
+function getLogger() {
+    return currentLogger;
 }
 
-if (process.env.EDGEGRID_ENV === 'test') {
-  logger.level = log4js.levels.OFF;
+if (process.env.EDGEGRID_ENV !== 'test') {
+    if (process.env.AKAMAI_LOG_LEVEL || process.env.AKAMAI_LOG_PRETTY) {
+        enableLogging(true);
+    }
 }
 
-module.exports = logger;
+module.exports = { enableLogging, getLogger };

package/test/src/logger_test.js

@@ -0,0 +1,40 @@
+const assert = require('assert');
+const logger = require('../../src/logger');
+
+describe('enableLogging', function () {
+    it('should accept a custom logger object', function () {
+        const logs = [];
+        const customLogger = {
+            info: (msg) => logs.push(`INFO: ${msg}`),
+            debug: (msg) => logs.push(`DEBUG: ${msg}`),
+            error: (msg) => logs.push(`ERROR: ${msg}`),
+            warn: (msg) => logs.push(`WARN: ${msg}`)
+        };
+
+        logger.enableLogging(customLogger);
+
+        const log = logger.getLogger();
+        log.info('test info');
+        log.debug('test debug');
+        log.error('test error');
+        log.warn('test warn');
+
+        assert.strictEqual(logs[0], 'INFO: test info');
+        assert.strictEqual(logs[1], 'DEBUG: test debug');
+        assert.strictEqual(logs[2], 'ERROR: test error');
+        assert.strictEqual(logs[3], 'WARN: test warn');
+    });
+    
+    it('should throw an error for an invalid custom logger object', function () {
+        const invalidLogger = {
+            info: () => {} // Missing 'debug', 'error', 'warn' methods
+        };
+
+        try {
+            logger.enableLogging(invalidLogger);
+            assert.fail('Expected error to be thrown'); // If no error is thrown, this will fail
+        } catch (error) {
+            assert.strictEqual(error.message, 'Invalid argument passed to enableLogging. Expected true, false, or a logger object.');
+        }
+    });
+});