syntropylog 0.9.12 → 0.9.14

package/CHANGELOG.md

@@ -1,5 +1,25 @@
 # Changelog
 
+## 0.9.14
+
+### Patch Changes
+
+- **Chalk optional for pretty console transports (Classic, Pretty, Compact, Colorful)**
+  - **Fix**: `ClassicConsoleTransport` (and other chalk-powered transports) now work in both ESM (tsx + `"type": "module"`) and CJS (e.g. ts-node) consumers. Chalk is loaded optionally via a small helper that uses `require` in CJS and `createRequire(import.meta.url)` in ESM; if chalk is missing or fails to load, a no-op is used so the same format is logged without colors.
+  - **README**: Clarified that chalk is optional — install it for colors, or use the same transports without it for plain-text output. Table updated to show "With chalk" / "Without chalk" and added ColorfulConsoleTransport.
+
+## 0.9.13
+
+### Patch Changes
+
+- a1498cb: - **MaskingEngine**: On masking failure (timeout/error), return a safe fallback payload with `_maskingFailed` and allowed keys only (`level`, `timestamp`, `message`, `service`) instead of raw metadata to avoid leaking sensitive data.
+  - **RedisConnectionManager**: Call `removeAllListeners()` when client was never open in `disconnect()` to avoid listener leaks.
+  - **RedisManager**: Clear `instances` and `defaultInstance` in `shutdown()` after closing connections.
+- eca5f56: **Fix: ~3–6s delay per log call (logger.info/warn/error)**
+  - **Cause**: `MaskingEngine` used the `regex-test` package for every key×rule check. That package runs each test in a child-process worker with a single queue, so many sequential IPC round-trips added up to several seconds per log.
+  - **Change**: Built-in default rules (password, email, token, credit_card, SSN, phone) now use synchronous `RegExp.test()` in-process; they use safe, known patterns with no ReDoS risk. Custom rules added via `masking.rules` still use `regex-test` with timeout for safety.
+  - **Result**: Log calls complete in milliseconds again. README documents the behavior under "Data Masking → Performance".
+
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),

package/CONTRIBUTING.md

@@ -86,6 +86,24 @@ We welcome code contributions! To contribute code, please follow these steps:
 - Keep API documentation current
 - Include usage examples
 
+## Release process (maintainers)
+
+Releases use [Changesets](https://github.com/changesets/changesets) and GitHub Actions. **Para que la versión suba en npm, siempre tienes que hacer una de estas dos cosas:**
+
+### Opción A: Usar el PR que crea el action
+
+1. **Añade un changeset** al cambiar la librería: `pnpm changeset` (elige tipo de versión y describe el cambio).
+2. **Push a `main`**. El workflow crea un PR **"Version Packages"** con el bump (ej. 0.9.12 → 0.9.13) y el CHANGELOG actualizado. **Todavía no publica en npm.**
+3. **Mergea ese PR** en `main`. Ese merge vuelve a disparar el workflow y **ahí sí** se ejecuta `publish` y la nueva versión aparece en npm.
+
+### Opción B: Subir la versión a mano (sin PR)
+
+1. Con changesets ya en el repo, en local: `pnpm run version-packages`. Eso actualiza `package.json`, CHANGELOG y borra los changesets.
+2. **Commit** (package.json, CHANGELOG.md, y los .changeset/*.md borrados) y **push a `main`**.
+3. El workflow corre, no hay changesets que aplicar, y ejecuta **publish** → la versión sube a npm.
+
+En ambos casos, **main** y **npm** quedan con la misma versión.
+
 ## Getting Help
 
 If you need help with your contribution, please:

package/README.md

@@ -73,24 +73,25 @@ npm install syntropylog
 
 By default, SyntropyLog outputs **lightweight plain JSON to the console — automatically, with no configuration needed**. No imports, no setup, no extra dependencies.
 
-If you want **colored, human-readable output** for development, use one of the chalk-powered transports. These require `chalk` to be installed explicitly in your project to keep the base bundle small:
+If you want **colored, human-readable output** for development, use one of the pretty console transports (`ClassicConsoleTransport`, `PrettyConsoleTransport`, `CompactConsoleTransport`, `ColorfulConsoleTransport`). **Chalk is optional:** if you install `chalk` in your project, those transports use it and you get colors; if you don't install it, the same format is shown in plain text (no colors). That keeps the base bundle small and avoids CJS/ESM load issues when chalk isn't present.
 
 ```bash
-npm install chalk
+npm install chalk   # optional — only if you want colors
 ```
 
-| Transport | Style | Color | Recommended for |
-| :--- | :--- | :---: | :--- |
-| *(default)* | Plain JSON | ❌ | Production / log aggregators |
-| `ClassicConsoleTransport` | Structured + colored | ✅ | Development |
-| `PrettyConsoleTransport` | Human-readable pretty print | ✅ | Development / debugging |
-| `CompactConsoleTransport` | Compact one-liner | ✅ | Development |
+| Transport | Style | With chalk | Without chalk | Recommended for |
+| :--- | :--- | :---: | :--- | :--- |
+| *(default)* | Plain JSON | — | — | Production / log aggregators |
+| `ClassicConsoleTransport` | Structured single-line | ✅ Colored | Plain text | Development |
+| `PrettyConsoleTransport` | Human-readable pretty | ✅ Colored | Plain text | Development / debugging |
+| `CompactConsoleTransport` | Compact one-liner | ✅ Colored | Plain text | Development |
+| `ColorfulConsoleTransport` | Full-line colored | ✅ Colored | Plain text | Development |
 
 ```typescript
 // Default — no import needed, works out of the box
 syntropyLog.init({ logger: { level: 'info', serviceName: 'my-app' } });
 
-// Want colors? Install chalk first, then import the transport:
+// Pretty format: with chalk → colors; without chalk → same format, no colors
 import { ClassicConsoleTransport } from 'syntropylog';
 
 syntropyLog.init({
@@ -446,6 +447,8 @@ await syntropyLog.init({
 
 > **Silent Observer guarantee**: if the masking engine fails for any reason, it returns the original object and the application keeps running — it never throws.
 
+**Performance**: Built-in rules use synchronous regex matching (safe, known patterns). Custom rules you add still use the timeout-protected `regex-test` worker to guard against ReDoS. This avoids the ~3–6s delay per log that occurred when every key was tested via the worker queue.
+
 ---
 
 ## 💾 Universal Persistence — Log to Any Database

package/dist/index.cjs

@@ -7,9 +7,10 @@ var node_async_hooks = require('node:async_hooks');
 var crypto = require('crypto');
 var util = require('node:util');
 var flatted = require('flatted');
-var chalk = require('chalk');
+var module$1 = require('module');
 var redis = require('redis');
 
+var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 function _interopNamespaceDefault(e) {
     var n = Object.create(null);
     if (e) {
@@ -150,36 +151,42 @@ class MaskingEngine {
                 strategy: MaskingStrategy.CREDIT_CARD,
                 preserveLength: true,
                 maskChar: this.maskChar,
+                _isDefaultRule: true,
             },
             {
                 pattern: /ssn|social_security|security_number/i,
                 strategy: MaskingStrategy.SSN,
                 preserveLength: true,
                 maskChar: this.maskChar,
+                _isDefaultRule: true,
             },
             {
                 pattern: /email/i,
                 strategy: MaskingStrategy.EMAIL,
                 preserveLength: true,
                 maskChar: this.maskChar,
+                _isDefaultRule: true,
             },
             {
                 pattern: /phone|phone_number|mobile_number/i,
                 strategy: MaskingStrategy.PHONE,
                 preserveLength: true,
                 maskChar: this.maskChar,
+                _isDefaultRule: true,
             },
             {
                 pattern: /password|pass|pwd|secret/i,
                 strategy: MaskingStrategy.PASSWORD,
                 preserveLength: true,
                 maskChar: this.maskChar,
+                _isDefaultRule: true,
             },
             {
                 pattern: /token|api_key|auth_token|jwt|bearer/i,
                 strategy: MaskingStrategy.TOKEN,
                 preserveLength: true,
                 maskChar: this.maskChar,
+                _isDefaultRule: true,
             },
         ];
         for (const rule of defaultRules) {
@@ -206,8 +213,10 @@ class MaskingEngine {
     /**
      * Processes a metadata object and applies the configured masking rules.
      * Uses JSON flattening strategy for extreme performance.
+     * On failure (timeout, rule error, etc.) returns a safe redacted object with an explicit message
+     * instead of the original data, to avoid leaking sensitive content.
      * @param meta - The metadata object to process
-     * @returns A new object with the masked data
+     * @returns A new object with the masked data, or a safe fallback object if masking fails
      */
     async process(meta) {
         // Set initialized flag on first use
@@ -222,10 +231,28 @@ class MaskingEngine {
             return masked;
         }
         catch {
-            // Silent observer - return original data if masking fails
-            return meta;
+            // Do not return original data: emit a safe placeholder so sensitive payload is never logged
+            return {
+                ...MaskingEngine.buildSafeFallbackFromMeta(meta),
+                _maskingFailed: true,
+                _maskingFailedMessage: MaskingEngine.MASKING_FAILED_MESSAGE,
+            };
         }
     }
+    /**
+     * Builds a minimal safe object from meta (level, timestamp, message, service) for fallback.
+     * Avoids leaking any arbitrary keys/values when masking fails.
+     */
+    static buildSafeFallbackFromMeta(meta) {
+        const safe = {};
+        const allowedKeys = ['level', 'timestamp', 'message', 'service'];
+        for (const key of allowedKeys) {
+            if (key in meta && meta[key] !== undefined) {
+                safe[key] = meta[key];
+            }
+        }
+        return safe;
+    }
     /**
      * Applies masking rules to data recursively.
      * @param data - Data to mask
@@ -254,13 +281,20 @@ class MaskingEngine {
                     for (const rule of this.rules) {
                         let isMatch = false;
                         if (rule._compiledPattern) {
-                            try {
-                                // Use regex-test for safe execution with timeout
-                                isMatch = await this.regexTest.test(rule._compiledPattern, key);
+                            if (rule._isDefaultRule) {
+                                // Default rules use safe, known patterns (no ReDoS); sync test avoids
+                                // regex-test worker IPC queue which caused ~3–6s delay per log.
+                                isMatch = rule._compiledPattern.test(key);
                             }
-                            catch {
-                                // Silent failure on timeout/error - treat as no match
-                                isMatch = false;
+                            else {
+                                try {
+                                    // Custom rules: use regex-test for safe execution with timeout
+                                    isMatch = await this.regexTest.test(rule._compiledPattern, key);
+                                }
+                                catch {
+                                    // Silent failure on timeout/error - treat as no match
+                                    isMatch = false;
+                                }
                             }
                         }
                         if (isMatch) {
@@ -477,6 +511,8 @@ class MaskingEngine {
         }
     }
 }
+/** Message used when masking fails (e.g. timeout) so we never emit raw payload. */
+MaskingEngine.MASKING_FAILED_MESSAGE = '[SyntropyLog] Masking could not be applied (e.g. timeout or error); payload redacted for safety.';
 
 /**
  * FILE: src/config.schema.ts
@@ -2519,9 +2555,59 @@ class SyntropyLog extends events.EventEmitter {
 const syntropyLog = SyntropyLog.getInstance();
 
 /**
- * @file src/logger/transports/BaseConsolePrettyTransport.ts
- * @description An abstract base class for console transports that provide colored, human-readable output.
+ * @file src/logger/transports/optionalChalk.ts
+ * @description Load chalk optionally so that pretty console transports work in both
+ * ESM (tsx + "type": "module") and CJS (ts-node) consumers. If chalk is missing or
+ * fails to load, a no-op identity is used (no colors).
+ */
+function createNoColorChalk() {
+    const noColor = ((s) => s);
+    noColor.white = noColor;
+    noColor.bold = noColor;
+    noColor.red = noColor;
+    noColor.bgRed = noColor;
+    noColor.yellow = noColor;
+    noColor.cyan = noColor;
+    noColor.green = noColor;
+    noColor.gray = noColor;
+    noColor.magenta = noColor;
+    noColor.blue = noColor;
+    noColor.bgWhite = noColor;
+    noColor.dim = noColor;
+    return noColor;
+}
+function getRequire() {
+    if (typeof require !== 'undefined') {
+        return require;
+    }
+    return module$1.createRequire((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index.cjs', document.baseURI).href)));
+}
+function loadChalkSync() {
+    try {
+        const c = getRequire()('chalk');
+        const ch = (c?.default ?? c);
+        if (ch && typeof ch.white !== 'undefined') {
+            return ch;
+        }
+    }
+    catch {
+        // chalk not installed or failed to load (e.g. CJS/ESM interop)
+    }
+    return createNoColorChalk();
+}
+let cached = null;
+/**
+ * Returns a chalk-like instance: real chalk if available and usable, otherwise
+ * a no-op that returns the string unchanged. Safe to call from both ESM and CJS.
  */
+function getOptionalChalk() {
+    if (cached !== null) {
+        return cached;
+    }
+    cached = loadChalkSync();
+    return cached;
+}
+
 /**
  * @class BaseConsolePrettyTransport
  * @description Provides common functionality for "pretty" console transports,
@@ -2532,8 +2618,7 @@ const syntropyLog = SyntropyLog.getInstance();
 class BaseConsolePrettyTransport extends Transport {
     constructor(options) {
         super(options);
-        // Chalk v4 is used directly, not instantiated.
-        this.chalk = chalk;
+        this.chalk = getOptionalChalk();
     }
     /**
      * The core log method. It handles common logic and delegates specific
@@ -2671,7 +2756,7 @@ class CompactConsoleTransport extends BaseConsolePrettyTransport {
                 // Simple stringify for objects/arrays in metadata.
                 const formattedValue = typeof value === 'object' && value !== null
                     ? JSON.stringify(value)
-                    : value;
+                    : String(value);
                 return `${this.chalk.dim(key)}=${this.chalk.gray(formattedValue)}`;
             })
                 .join(' ');
@@ -3296,6 +3381,10 @@ class RedisConnectionManager {
             }
         }
         else {
+            // Client never connected or already closed: remove listeners to avoid leak
+            if (typeof this.client.removeAllListeners === 'function') {
+                this.client.removeAllListeners();
+            }
             this.logger.info('Client was not open. Quit operation effectively complete.');
         }
     }
@@ -4537,6 +4626,8 @@ class RedisManager {
         this.logger.info('Closing all Redis connections...');
         const shutdownPromises = Array.from(this.instances.values()).map((instance) => instance.quit());
         await Promise.allSettled(shutdownPromises);
+        this.instances.clear();
+        this.defaultInstance = undefined;
         this.logger.info('All Redis connections have been closed.');
     }
 }