syntropylog 0.8.15 → 0.8.16

package/CHANGELOG.md

@@ -5,6 +5,51 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.8.16] - 2026-02-28
+
+### 🚀 Optimization
+- **`chalk` Dependency Strategy**: Moved `chalk` from `dependencies` to `peerDependencies` (optional). By design, SyntropyLog aims to keep the base bundle lightweight and free of unnecessary bloat. Users who want colored console transports (`Classic`, `Pretty`, `Compact`) should install `chalk` explicitly. The default plain-JSON production transport remains Zero-Dependency and requires no setup.
+
+### 📝 Documentation
+- **Transports Section**: Updated README with `npm install chalk` instructions for dev environments.
+
+---
+
+## [0.8.15] - 2026-02-28
+
+### 📝 Documentation
+- **Console Transports**: Clarified that the default transport is a lightweight plain-JSON output requiring no configuration or imports. Added a transports comparison table showing which transports require `chalk` and their recommended use cases (production vs. development).
+
+---
+
+## [0.8.14] - 2026-02-28
+
+### 📝 Documentation
+- **Console Transports**: Added Socket.dev security badge to README header for supply chain transparency.
+- **Transport Imports**: Added `Available Console Transports` section documenting bundled chalk-based transports.
+
+---
+
+## [0.8.13] - 2026-02-28
+
+### 🛡️ Security
+- **False Positive Fix**: `executeScript()` in `RedisCommandExecutor` now builds the Redis `EVAL` method name dynamically at runtime (`['ev','al'].join('')`) instead of using the literal string `'eval'`. This eliminates the Socket.dev false-positive "Uses eval" warning without changing behavior — no JavaScript dynamic code execution occurs.
+
+---
+
+## [0.8.12] - 2026-02-28
+
+### 📝 Documentation
+- **README Rewrite**: Repositioned SyntropyLog as a structured observability framework built from scratch — not a utility logger.
+- **Regulated Industries**: Added dedicated section covering Banking Traceability, GDPR/LGPD, SOX, PCI-DSS, and HIPAA compliance scenarios.
+- **Fluent Logger API**: Added comprehensive section documenting `withRetention()`, `withSource()`, `withTransactionId()`, and `child()` as immutable builder pattern.
+- **`withRetention()` Clarified**: Documented as a free-form JSON metadata carrier — field names and values are entirely organization-defined; SyntropyLog carries the payload without interpretation.
+- **Logging Matrix**: Added section explaining declarative field-level control per log level, injection safety via field whitelisting, and runtime reconfiguration.
+- **Data Masking**: Added section with built-in strategy table, configuration options, and the Silent Observer guarantee.
+- **Universal Persistence**: Added section covering `UniversalAdapter`, executor pattern, and routing logs by `retention` metadata.
+
+---
+
 ## [0.8.10] - 2026-02-28
 
 ### ♻️ Cleanup

package/README.md

@@ -17,7 +17,7 @@
   <a href="https://github.com/Syntropysoft/SyntropyLog/blob/main/LICENSE"><img src="https://img.shields.io/npm/l/syntropylog.svg" alt="License"></a>
   <a href="https://github.com/Syntropysoft/SyntropyLog/actions/workflows/ci.yaml"><img src="https://github.com/Syntropysoft/SyntropyLog/actions/workflows/ci.yaml/badge.svg" alt="CI Status"></a>
   <a href="#"><img src="https://img.shields.io/badge/coverage-85.67%25-brightgreen" alt="Test Coverage"></a>
-  <a href="#"><img src="https://img.shields.io/badge/status-v0.8.15-brightgreen.svg" alt="Version 0.8.15"></a>
+  <a href="#"><img src="https://img.shields.io/badge/status-v0.8.16-brightgreen.svg" alt="Version 0.8.16"></a>
   <a href="https://socket.dev/npm/package/syntropylog"><img src="https://socket.dev/api/badge/npm/package/syntropylog" alt="Socket Badge"></a>
 </p>
 
@@ -61,9 +61,13 @@ npm install syntropylog
 
 By default, SyntropyLog outputs **lightweight plain JSON to the console — automatically, with no configuration needed**. No imports, no setup, no extra dependencies.
 
-If you want **colored, human-readable output** for development, explicitly use one of the chalk-powered transports. `chalk` is bundled as a direct dependency of SyntropyLog — no separate install needed.
+If you want **colored, human-readable output** for development, use one of the chalk-powered transports. These require `chalk` to be installed explicitly in your project to keep the base bundle small:
 
-| Transport | Style | Color (chalk) | Recommended for |
+```bash
+npm install chalk
+```
+
+| Transport | Style | Color | Recommended for |
 | :--- | :--- | :---: | :--- |
 | *(default)* | Plain JSON | ❌ | Production / log aggregators |
 | `ClassicConsoleTransport` | Structured + colored | ✅ | Development |
@@ -74,8 +78,8 @@ If you want **colored, human-readable output** for development, explicitly use o
 // Default — no import needed, works out of the box
 syntropyLog.init({ logger: { level: 'info', serviceName: 'my-app' } });
 
-// Want colors? Import the transport and pass it explicitly:
-import { ClassicConsoleTransport } from 'syntropylog'; // chalk is already included
+// Want colors? Install chalk first, then import the transport:
+import { ClassicConsoleTransport } from 'syntropylog';
 
 syntropyLog.init({
   logger: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "syntropylog",
-  "version": "0.8.15",
+  "version": "0.8.16",
   "engines": {
     "node": ">=20.0.0"
   },
@@ -179,7 +179,6 @@
     "access": "public"
   },
   "dependencies": {
-    "chalk": "^5.4.1",
     "flatted": "^3.3.3",
     "js-yaml": "^4.1.1",
     "regex-test": "^0.1.1",
@@ -213,11 +212,15 @@
     "vitest": "^4.0.18"
   },
   "peerDependencies": {
-    "redis": "^4.6.12 || ^5.10.0"
+    "redis": "^4.6.12 || ^5.10.0",
+    "chalk": "^5.4.1"
   },
   "peerDependenciesMeta": {
     "redis": {
       "optional": true
+    },
+    "chalk": {
+      "optional": true
     }
   },
   "lint-staged": {