pino-debugging 1.0.0

package/package.json

@@ -0,0 +1,83 @@
+{
+  "name": "pino-debugging",
+  "version": "1.0.0",
+  "description": "High performance debug logging",
+  "main": "index.js",
+  "scripts": {
+    "test": "npm run deps && npm run lint && npm run test:unit",
+    "deps": "knip --production --dependencies",
+    "lint": "eslint",
+    "lint:fix": "eslint --fix",
+    "test:unit": "cross-env NODE_ENV=test borp",
+    "test:watch": "cross-env NODE_ENV=test node --watch --test",
+    "test:with-debug": "npm i --no-save --no-audit --no-fund debug@$DEBUG_VERSION && npm run test:unit",
+    "test-2.3": "cross-env DEBUG_VERSION=2.3 npm run test:with-debug",
+    "test-2.4": "cross-env DEBUG_VERSION=2.4 npm run test:with-debug",
+    "test-2.5": "cross-env DEBUG_VERSION=2.5 npm run test:with-debug",
+    "test-2.6": "cross-env DEBUG_VERSION=2.6 npm run test:with-debug",
+    "test-3.1": "cross-env DEBUG_VERSION=3.1 npm run test:with-debug",
+    "test-4.1": "cross-env DEBUG_VERSION=4.1 npm run test:with-debug",
+    "test-all": "npm run test-2.3 && npm run test-2.4 && npm run test-2.5 && npm run test-2.6 && npm run test-3.1 && npm run test-4.1",
+    "ci": "npm test",
+    "bench": "node benchmarks/runbench all",
+    "bench-basic": "node benchmarks/runbench basic",
+    "bench-object": "node benchmarks/runbench object",
+    "bench-deepobject": "node benchmarks/runbench deepobject",
+    "security:audit": "npm audit --audit-level=moderate",
+    "security:fix": "npm audit fix",
+    "security:snyk": "snyk test",
+    "security:check": "npm run security:audit && npm run security:snyk",
+    "security:validate": "node scripts/security-check.js",
+    "prepare": "npm run security:audit"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/json-douglas/pino-debugging.git"
+  },
+  "author": {
+    "name": "json douglas",
+    "url": "https://github.com/json-douglas"
+  },
+  "bugs": {
+    "url": "https://github.com/json-douglas/pino-debugging/issues"
+  },
+  "homepage": "https://github.com/json-douglas/pino-debugging#readme",
+  "keywords": [
+    "pino",
+    "debug",
+    "fast",
+    "performance",
+    "debugging",
+    "logging",
+    "logger",
+    "security",
+    "production-ready",
+    "logfmt"
+  ],
+  "license": "MIT",
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/pino"
+  },
+  "security": {
+    "policy": "https://github.com/json-douglas/pino-debugging/security/policy",
+    "contact": "security@json-douglas.io"
+  },
+  "dependencies": {
+    "pino": "^10.1.0",
+    "debug-fnt": "^1.0.3"
+  },
+  "devDependencies": {
+    "borp": "^0.21.0",
+    "cross-env": "^7.0.3",
+    "debug": "^4.4.3",
+    "eslint": "^9.38.0",
+    "fastbench": "^1.0.1",
+    "knip": "^5.1.2",
+    "neostandard": "^0.12.2",
+    "pump": "^3.0.0",
+    "split2": "^4.2.0",
+    "steed": "^1.1.3",
+    "through2": "^4.0.2"
+  }
+}

package/scripts/security-check.js

@@ -0,0 +1,171 @@
+#!/usr/bin/env node
+
+/**
+ * Security validation script for pino-debugger
+ * Checks for common security issues and best practices
+ */
+
+const fs = require('fs')
+
+console.log('🔒 Running security validation for pino-debugger...\n')
+
+// Check 1: Verify security documentation exists
+function checkSecurityDocs () {
+  const requiredFiles = [
+    'SECURITY.md',
+    'CONTRIBUTING.md',
+    'CODE_OF_CONDUCT.md',
+    'docs/SECURITY_BEST_PRACTICES.md'
+  ]
+
+  const missing = requiredFiles.filter(file => !fs.existsSync(file))
+
+  if (missing.length === 0) {
+    console.log('✅ All security documentation files present')
+    return true
+  } else {
+    console.log('❌ Missing security documentation:', missing.join(', '))
+    return false
+  }
+}
+
+// Check 2: Verify package.json security metadata
+function checkPackageJsonSecurity () {
+  const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'))
+
+  const hasSecurityScripts = pkg.scripts &&
+    pkg.scripts['security:audit'] &&
+    pkg.scripts['security:check']
+
+  const hasSecurityMetadata = pkg.security &&
+    pkg.security.policy &&
+    pkg.security.contact
+
+  if (hasSecurityScripts && hasSecurityMetadata) {
+    console.log('✅ Package.json has security scripts and metadata')
+    return true
+  } else {
+    console.log('❌ Package.json missing security configuration')
+    return false
+  }
+}
+
+// Check 3: Verify GitHub security templates (optional)
+function checkGitHubTemplates () {
+  const requiredTemplates = [
+    '.github/ISSUE_TEMPLATE/bug_report.md',
+    '.github/ISSUE_TEMPLATE/feature_request.md',
+    '.github/PULL_REQUEST_TEMPLATE.md'
+  ]
+
+  const optionalTemplates = [
+    '.github/workflows/security-simple.yml'
+  ]
+
+  const missing = requiredTemplates.filter(file => !fs.existsSync(file))
+  const missingOptional = optionalTemplates.filter(file => !fs.existsSync(file))
+
+  if (missing.length === 0) {
+    console.log('✅ All required GitHub security templates present')
+    if (missingOptional.length > 0) {
+      console.log('ℹ️  Optional templates missing:', missingOptional.join(', '))
+    }
+    return true
+  } else {
+    console.log('❌ Missing required GitHub templates:', missing.join(', '))
+    return false
+  }
+}
+
+// Check 4: Verify Snyk configuration
+function checkSnykConfig () {
+  if (fs.existsSync('.snyk')) {
+    console.log('✅ Snyk configuration file present')
+    return true
+  } else {
+    console.log('❌ Missing .snyk configuration file')
+    return false
+  }
+}
+
+// Check 5: Verify no sensitive data in code
+function checkSensitiveData () {
+  const sensitivePatterns = [
+    /password\s*=\s*['"][^'"]+['"]/i,
+    /api[_-]?key\s*=\s*['"][^'"]+['"]/i,
+    /secret\s*=\s*['"][^'"]+['"]/i,
+    /token\s*=\s*['"][^'"]+['"]/i
+  ]
+
+  const filesToCheck = ['index.js', 'debug.js', 'test.js']
+  let foundSensitive = false
+
+  filesToCheck.forEach(file => {
+    if (fs.existsSync(file)) {
+      const content = fs.readFileSync(file, 'utf8')
+      sensitivePatterns.forEach(pattern => {
+        if (pattern.test(content)) {
+          console.log(`❌ Potential sensitive data found in ${file}`)
+          foundSensitive = true
+        }
+      })
+    }
+  })
+
+  if (!foundSensitive) {
+    console.log('✅ No sensitive data patterns found in source code')
+    return true
+  }
+
+  return false
+}
+
+// Check 6: Verify dependencies are up to date
+function checkDependencyFreshness () {
+  try {
+    const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'))
+    const lockExists = fs.existsSync('package-lock.json')
+
+    if (lockExists && pkg.dependencies) {
+      console.log('✅ Package lock file exists for reproducible builds')
+      return true
+    } else {
+      console.log('❌ Missing package-lock.json or dependencies')
+      return false
+    }
+  } catch (error) {
+    console.log('❌ Error checking dependencies:', error.message)
+    return false
+  }
+}
+
+// Run all checks
+async function runSecurityChecks () {
+  const results = [
+    checkSecurityDocs(),
+    checkPackageJsonSecurity(),
+    checkGitHubTemplates(),
+    checkSnykConfig(),
+    checkSensitiveData(),
+    checkDependencyFreshness()
+  ]
+
+  const passed = results.filter(Boolean).length
+  const total = results.length
+
+  console.log(`\n📊 Security Check Results: ${passed}/${total} checks passed`)
+
+  if (passed === total) {
+    console.log('🎉 All security checks passed! Project is ready for improved Snyk score.')
+    process.exit(0)
+  } else {
+    console.log('⚠️  Some security checks failed. Please address the issues above.')
+    process.exit(1)
+  }
+}
+
+// Run the checks
+runSecurityChecks().catch(error => {
+  console.error('❌ Security check failed:', error)
+  process.exit(1)
+})

package/test/index.js

@@ -0,0 +1,100 @@
+'use strict'
+
+// pino-debugger must be required at the entry point, before other modules
+const pinoDebug = require('../index.js')
+const pino = require('pino')
+const debug = require('../debug.js')
+
+// Initialize pino-debugger with a pino logger instance
+// All available options: auto, map, and skip
+const logger = pino({ level: 'debug' })
+pinoDebug(logger, {
+  // auto: automatically enable namespaces listed in map (default: true)
+  // If true: namespaces in map are automatically enabled for logging
+  // If false: only namespaces enabled via DEBUG env var will be logged
+  //   Namespaces in map will still use their mapped log levels when enabled
+  // Example with auto: false - set DEBUG=test:app,test:module before running
+  // auto: true,
+
+  // map: associate debug namespaces with pino log levels
+  // Supports wildcards (*) in namespace patterns
+  // Available pino log levels: trace, debug, info, warn, error, fatal
+  map: {
+    'test:app': 'info', // Specific namespace -> info level
+    'test:module': 'debug', // Specific namespace -> debug level
+    'test:error': 'error', // Error-level logging
+    'test:warn': 'warn', // Warning-level logging
+    'test:trace': 'trace', // Trace-level logging
+    'test:critical': 'fatal', // Fatal-level logging
+    'test:util:*': 'debug', // Wildcard pattern -> debug level
+    'test:sub:*': 'trace', // Another wildcard pattern
+    'test:*': 'trace' // Catch-all pattern (must be last due to precision sorting)
+  },
+  levels: ['info', 'warn', 'error', 'fatal', 'trace', 'debug'],
+  // format: specify the output format for debug-fmt
+  // Available formats: 'logfmt' (default), 'json', 'pretty'
+  format: 'logfmt',
+  // skip: array of namespaces to disable/skip
+  // Equivalent to prefixing namespaces with '-' in DEBUG env var
+  skip: [
+    'test:disabled', // This namespace will not be logged
+    'test:noisy:*' // Skip all noisy sub-namespaces
+  ]
+})
+
+// Test basic debug logging with all log levels
+console.log('\n=== Basic Debug Logging (All Levels) ===')
+const debugApp = debug('test:app')
+debugApp('This is an INFO level message from test:app')
+
+const debugModule = debug('test:module')
+debugModule('This is a DEBUG level message from test:module')
+
+const debugError = debug('test:error')
+debugError('This is an ERROR level message from test:error')
+
+const debugWarn = debug('test:warn')
+debugWarn('This is a WARN level message from test:warn')
+
+const debugTrace = debug('test:trace')
+debugTrace('This is a TRACE level message from test:trace')
+
+const debugFatal = debug('test:critical')
+debugFatal('This is a FATAL level message from test:critical')
+
+const debugOther = debug('test:other')
+debugOther('This is a TRACE level message from test:other (matches test:* pattern)')
+
+// Test wildcard patterns
+const debugUtil = debug('test:util:helper')
+debugUtil('This is a DEBUG level message from test:util:helper (matches test:util:*)')
+
+const debugSub = debug('test:sub:component')
+debugSub('This is a TRACE level message from test:sub:component (matches test:sub:*)')
+
+// Test skipped namespaces (should not log)
+const debugDisabled = debug('test:disabled')
+debugDisabled('This message should NOT appear (namespace is skipped)')
+
+const debugNoisy = debug('test:noisy:log')
+debugNoisy('This message should NOT appear (test:noisy:* is skipped)')
+
+// Test debug with format strings
+console.log('\n=== Debug with Format Strings ===')
+debugApp('User %s logged in with id %d', 'alice', 123)
+debugModule('Processing %j', { action: 'test', value: 42 })
+
+// Test debug.enabled
+console.log('\n=== Debug Enabled Check ===')
+console.log('test:app enabled:', debug('test:app').enabled)
+console.log('test:disabled enabled:', debug('test:disabled').enabled)
+
+// Test debug.extend
+console.log('\n=== Debug Extend ===')
+const debugAppSub = debugApp.extend('submodule')
+debugAppSub('This is a message from test:app:submodule')
+
+console.log('\n=== Test Complete ===')
+console.log('\nNote: To test auto: false, change auto to false and run:')
+console.log('  DEBUG=test:app,test:module node test.js')
+console.log('Only explicitly enabled namespaces will be logged.')

package/test.js

@@ -0,0 +1,42 @@
+'use strict'
+
+// pino-debugger must be required at the entry point, before other modules
+const pinoDebug = require('./index.js')
+const pino = require('pino')
+
+// Initialize pino-debugger with a pino logger instance
+// All available options: auto, map, and skip
+const logger = pino({ level: 'debug' })
+pinoDebug(logger, {
+  // auto: automatically enable namespaces listed in map (default: true)
+  // If true: namespaces in map are automatically enabled for logging
+  // If false: only namespaces enabled via DEBUG env var will be logged
+  //   Namespaces in map will still use their mapped log levels when enabled
+  // Example with auto: false - set DEBUG=test:app,test:module before running
+  // auto: true,
+
+  // map: associate debug namespaces with pino log levels
+  // Supports wildcards (*) in namespace patterns
+  // Available pino log levels: trace, debug, info, warn, error, fatal
+  map: {
+    'test:app': 'info', // Specific namespace -> info level
+    'test:module': 'debug', // Specific namespace -> debug level
+    'test:error': 'error', // Error-level logging
+    'test:warn': 'warn', // Warning-level logging
+    'test:trace': 'trace', // Trace-level logging
+    'test:critical': 'fatal', // Fatal-level logging
+    'test:util:*': 'debug', // Wildcard pattern -> debug level
+    'test:sub:*': 'trace', // Another wildcard pattern
+    'test:*': 'trace' // Catch-all pattern (must be last due to precision sorting)
+  },
+  levels: ['info', 'warn', 'error', 'fatal', 'trace', 'debug'],
+  // format: specify the output format for debug-fmt
+  // Available formats: 'logfmt' (default), 'json', 'pretty'
+  format: 'logfmt',
+  // skip: array of namespaces to disable/skip
+  // Equivalent to prefixing namespaces with '-' in DEBUG env var
+  skip: [
+    'test:disabled', // This namespace will not be logged
+    'test:noisy:*' // Skip all noisy sub-namespaces
+  ]
+})