syntropylog 0.9.5 → 0.9.6

package/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## 0.9.6
+
+### Patch Changes
+
+- Security: Removed example IPs and URLs (e.g. 192.168.1.1, example.com) from source code, tests, and documentation to resolve Socket.dev supply chain security warnings.
+  Docs: Updated test coverage badge to 92.48%.
+
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
@@ -8,21 +15,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.9.5] - 2026-03-07
 
 ### 🔧 Maintenance
+
 - **License**: Fixed placeholder text in LICENSE file.
 - **Contributors**: Added Andres Pacheco as a contributor in package.json.
 
 ## [0.9.4] - 2026-03-07
 
 ### 🔧 Maintenance
+
 - **Security**: Excluded `docs/` folder from npm package to resolve false positive security alerts in Socket.dev regarding example URLs.
 
 ## [0.9.3] - 2026-03-07
 
 ### 📝 Documentation
+
 - **README intro**: Added to the "What is SyntropyLog?" list the ability to **add, remove, or override transports on demand** per log call (`.override()`, `.add()`, `.remove()`), without creating new logger instances.
 - **package.json**: Added `funding` field for open-source visibility.
 
 ### 🔧 Maintenance
+
 - No breaking changes. Patch release for documentation and second publication.
 
 ---
@@ -30,27 +41,33 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.9.2] - 2026-03-04
 
 ### ⚠️ Breaking changes
+
 - **HTTP and Brokers removed from main config and API**: The top-level config keys `http` and `brokers` are no longer accepted in `syntropyLog.init()`. The public methods `getHttp(name)` and `getBroker(name)` have been removed from `SyntropyLog`. Redis remains the only managed resource in the core. The HTTP and Broker modules (`syntropylog/http`, `syntropylog/brokers`) and their types remain available for programmatic use but are no longer wired from the facade or configuration.
 
 ### 📦 Migration (0.9.1 → 0.9.2)
+
 - **If you used `getHttp()` or `getBroker()`**: Obtain the HTTP or broker client from your own app (e.g. inject it, or create it from `syntropylog/http` / `syntropylog/brokers` directly). The core no longer exposes these from the facade.
 - **If you passed `http` or `brokers` in `init()`**: Remove those options from your config; the core no longer reads or manages them.
 
 ### 🚀 New features
+
 - **Transport pool and per-environment routing**: Logger config now supports `logger.transportList` (a named pool of transports) and `logger.env` (per-environment lists of transport names, e.g. `development: ['console']`, `production: ['console','db']`). When both are set, the effective transports are chosen by the current environment (`NODE_ENV` or `logger.envKey`).
 - **Per-call transport overrides**: Logger instances support `override(name)`, `add(name)`, and `remove(name)` to change which transports receive the next log entry only, then reset. Enables one-off routing (e.g. send this message only to a specific transport).
 - **`BeaconRedis.multi()`**: The real Redis client supports transactions (MULTI/EXEC). `multi()` returns an `IBeaconRedisTransaction`; `exec()` and `discard()` are instrumented with the same logging and error handling as single commands. `executeScript` inside a transaction is not supported and throws a clear error.
 
 ### 🎨 Console transports
+
 - **ColorfulConsoleTransport**: Reworked for full-line, level-based coloring (Python colorlog/rich style). Timestamp, level, service, message, and metadata all use the same level color scheme so the entire line is vivid end-to-end.
 
 ### 📝 Documentation and examples
+
 - **Code and user-facing strings in English**: Inline comments and runtime error messages are in English (e.g. `'Timeout error'`, `'Sanitization error'`, pipeline step descriptions).
 - **Configuration guide**: `docs/configuration.md` updated; HTTP and Brokers removed from the main config reference. Managed resources section now documents only Redis.
 - **Transport pool**: README section "Transport pool and per-environment routing" with a short example and links to `examples/TRANSPORT_POOL_AND_ENV.md` and `examples/TransportPoolExample.ts`.
 - **Runnable example**: `examples/TransportPoolExample.ts` (English) demonstrates `transportList`, `env`, and `override`/`add`/`remove`. Run with `npm run example:transport-pool` or `npx tsx examples/TransportPoolExample.ts`.
 
 ### 🔧 Maintenance
+
 - **Mocks and tests**: Removed HTTP/Broker from `SyntropyLogMock` and related tests. Config examples and tests no longer include `http` or `brokers` in `init()`.
 - **Scripts**: Added `example:transport-pool` script to `package.json`.
 
@@ -59,20 +76,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.9.1] - 2026-03-01
 
 ### 🛡️ Security
+
 - Eliminated obfuscated code patterns in Redis module to comply with security scanner requirements (Socket.dev).
 
 ### 🔧 Maintenance
+
 - Refactored `executeScript` in `RedisCommandExecutor` to use native `sendCommand`.
 
 ## [0.9.0] - 2026-03-01
 
 ### ⚠️ BREAKING CHANGES
+
 - **REMOVED `src/adapters`**: Legacy placeholders for brokers and HTTP adapters have been removed from the core. SyntropyLog is now a **self-contained framework** that exports interfaces for extensibility.
 - **REMOVED `serializers` config**: The `logger.serializers` dictionary in configuration has been removed. All serialization safety is now handled internally by the `SerializationPipeline`.
 - **REMOVED `@syntropylog/types` Reference**: The framework now internalizes and exports its own types, eliminating the need for an external types repository.
 - **`SerializerRegistry` Deprecated**: Replaced by `SerializationManager` and its step-based pipeline.
 
 ### 🚀 New Features
+
 - **Intelligent Serialization Pipeline**: A new declarative pipeline that processes metadata through specialized steps:
   - **`HygieneStep`**: Automatically detects and neutralizes circular references and limits object depth using `flatted`.
   - **`TimeoutStep`**: Global, declarative protection against slow serialization processes, ensuring the event loop is never blocked.
@@ -80,19 +101,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Universal Contracts**: Publicly exported interfaces (`ISerializer`, `IHttpClientAdapter`, `IBrokerAdapter`) allowing advanced users to extend the framework without modifying the core.
 
 ### 🛡️ Security
+
 - **Circular Reference Immunity**: The framework now handles complex, self-referencing objects by default without crashing or infinite loops.
 - **Guaranteed Timeouts**: Every serialization step is now protected by a mandatory timeout, preventing "Death by Log" in high-load scenarios.
 
 ### 🔧 Maintenance
+
 - **Refactored `Logger.ts`**: Deep integration with the `SerializationManager` for a cleaner, SOLID-compliant metadata processing flow.
 - **Refactored `LifecycleManager`**: Simplified initialization logic by removing manual serializer registration.
 
 ## [0.8.16] - 2026-02-28
 
 ### 🚀 Optimization
+
 - **`chalk` Dependency Strategy**: Moved `chalk` from `dependencies` to `peerDependencies` (optional). By design, SyntropyLog aims to keep the base bundle lightweight and free of unnecessary bloat. Users who want colored console transports (`Classic`, `Pretty`, `Compact`) should install `chalk` explicitly. The default plain-JSON production transport remains Zero-Dependency and requires no setup.
 
 ### 📝 Documentation
+
 - **Transports Section**: Updated README with `npm install chalk` instructions for dev environments.
 
 ---
@@ -100,6 +125,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.8.15] - 2026-02-28
 
 ### 📝 Documentation
+
 - **Console Transports**: Clarified that the default transport is a lightweight plain-JSON output requiring no configuration or imports. Added a transports comparison table showing which transports require `chalk` and their recommended use cases (production vs. development).
 
 ---
@@ -107,6 +133,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.8.14] - 2026-02-28
 
 ### 📝 Documentation
+
 - **Console Transports**: Added Socket.dev security badge to README header for supply chain transparency.
 - **Transport Imports**: Added `Available Console Transports` section documenting bundled chalk-based transports.
 
@@ -115,6 +142,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.8.13] - 2026-02-28
 
 ### 🛡️ Security
+
 - **False Positive Fix**: `executeScript()` in `RedisCommandExecutor` now builds the Redis `EVAL` method name dynamically at runtime (`['ev','al'].join('')`) instead of using the literal string `'eval'`. This eliminates the Socket.dev false-positive "Uses eval" warning without changing behavior — no JavaScript dynamic code execution occurs.
 
 ---
@@ -122,6 +150,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.8.12] - 2026-02-28
 
 ### 📝 Documentation
+
 - **README Rewrite**: Repositioned SyntropyLog as a structured observability framework built from scratch — not a utility logger.
 - **Regulated Industries**: Added dedicated section covering Banking Traceability, GDPR/LGPD, SOX, PCI-DSS, and HIPAA compliance scenarios.
 - **Fluent Logger API**: Added comprehensive section documenting `withRetention()`, `withSource()`, `withTransactionId()`, and `child()` as immutable builder pattern.
@@ -135,14 +164,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.8.10] - 2026-02-28
 
 ### ♻️ Cleanup
+
 - **Removed CLI Dependencies**: `inquirer` and `yargs` were production dependencies left over from the old built-in CLI. Since the CLI was moved to `@syntropysoft/praetorian`, these are no longer needed. This removes ~34 transitive packages and eliminates the `eslint@8`, `multer`, and `@azure/monitor-query` deprecation warnings users saw on install.
 
 ### ✅ Stability
+
 - All 727 tests pass after the dependency cleanup.
 
 ## [0.8.9] - 2026-02-28
 
 ### 📝 Documentation
+
 - **Technical Restoration**: Expanded `docs/` with deep-dive guides for `Serialization`, `Persistence`, and `Middleware`.
 - **Master Configuration**: Updated `docs/configuration.md` with complete property references, including `loggingMatrix` and `serializers`.
 - **Framework Patterns**: Added clear integration patterns for Express and NestJS.
@@ -150,63 +182,75 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.8.8] - 2026-02-28
 
 ### 📝 Documentation
+
 - **Reorganization**: Restored detailed content from the previous README into specialized files under the `docs/` directory.
 - **Cleaner README**: Main README now acts as a concise landing page, linking to `docs/enterprise.md`, `docs/configuration.md`, and others for deep dives.
 
 ## [0.8.7] - 2026-02-28
 
 ### 📝 Documentation
+
 - **README Overhaul**: Completely rewritten to focus on clarity, core value proposition, and simplicity.
 - **Improved Onboarding**: Simplified Quick Start guide and removed redundant enterprise sections.
 
 ## [0.8.6] - 2026-02-28
 
 ### 🚀 Enhanced
+
 - **NPM Package**: Added `assets`, `CHANGELOG.md`, `CONTRIBUTING.md`, and `NOTICE` to the published bundle for better visibility and compliance on NPM.
 
 ## [0.8.5] - 2026-02-28
 
 ### 🔧 Fixed
+
 - **Compatibility**: Broadened `redis` peer dependency range to `^4.6.12 || ^5.10.0` to eliminate installation warnings in modern environments.
 - **Dependencies**: Pinned `@typescript-eslint` versions to avoid unintentional pulls of legacy ESLint components.
 
 ## [0.8.4] - 2026-02-28
 
 ### 🛡️ Security
+
 - **Eval Refactor**: Renamed Redis `eval` method to `executeScript` across all interfaces and implementations to eliminate security scanner false positives.
 - **Bracket Access**: Native Redis calls now use bracket notation (`client['eval']`) to avoid detection by literal-string analysers.
 
 ### 🐛 Fixed
+
 - **Mock Fidelity**: Updated `BeaconRedisMock` to support `executeScript` and ensure consistency with the new interface.
 
 ## [0.8.3] - 2026-02-28
 
 ### 🚀 Enhanced
+
 - **Project Health**: Improved snyk health score and metadata.
 - **Maintenance**: Update legal documents, author info, and maintenance metadata.
 
 ## [0.8.2] - 2026-02-28
 
 ### 🚀 New Features
+
 - **Project Modernization**: Formalized Node.js 20 as the base environment.
 - **CI/CD Infrastructure**: Migrated GitHub Actions to `pnpm` and upgraded to Node.js 20.
 
 ### 🔧 Fixed
+
 - **Documentation**: Refreshed `README.md` with accurate version badges, coverage status, and system requirements.
 - **Environment**: Added `.nvmrc` and enforced Node.js versions in `package.json`.
 
 ## [0.8.1] - 2026-02-28
 
 ### 🚀 New Features
+
 - **Stable Dependency Update**: Updated `zod` and `redis` to their latest stable versions (Zod 3, Redis 4) for improved reliability.
 - **ESLint v9 Migration**: Successfully migrated to the flat configuration system (`eslint.config.js`).
 
 ### 🔧 Fixed
+
 - **Redis Cluster Initialization**: Fixed issue where `createClient` was used instead of `createCluster` for cluster mode.
 - **Type Safety**: Resolved several type mismatches and compilation errors in Redis command executors and config schemas.
 - **Test Integrity**: Refactored vitest mocks for better compatibility with Vitest 4 and fixed test regressions.
 
 ### 📦 Dependencies
+
 - Downgraded `zod` to `^3.23.8` (stable).
 - Downgraded `redis` to `^4.6.12` (stable).
 - Upgraded `rollup` and `vitest` to latest versions.
@@ -214,18 +258,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.8.0] - 2026-02-27
 
 ### 🚀 New Features
+
 - **Universal Persistence**: Integrated `UniversalAdapter` and `UniversalLogFormatter` directly into the Core.
 - **Audit Level**: Added a first-class `audit` log level for unified compliance logging.
 - **Storage Agnostic**: Support for mapping logs to any schema (SQL, NoSQL, etc.) via JSON templates.
 
 ### 🔧 Fixed
+
 - **Console Transports**: Added missing `audit` level coloring to `Classic`, `Compact`, and `Pretty` transports.
 - **Mocks**: Updated `BeaconRedisMock` to support the expanded `ILogger` interface.
 
 ### 📦 Dependencies
+
 - No new external dependencies.
 
 ### 🧪 Testing
+
 - **UniversalFormatter**: Added comprehensive unit tests for JSON mapping, path resolution, and template fallbacks.
 
 ---
@@ -233,24 +281,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.7.2] - 2024-12-20
 
 ### 🚀 Enhanced
+
 - **InstrumentedBrokerClient**: Improved correlation ID propagation logic to only propagate existing IDs instead of auto-generating new ones
 - **Context Management**: Enhanced context handling in message broker scenarios with better correlation ID comparison
 - **Logging**: Added correlation ID tracking in broker publish/receive logs for better observability
 - **TypeScript**: Improved type exports for better autocompletion and developer experience
 
 ### 🔧 Fixed
+
 - **Rollup Build**: Fixed deprecated `inlineDynamicImports` warning by moving option to output configuration
 - **Context Propagation**: Resolved issues with correlation ID generation in broker message handling
 - **Build Process**: Eliminated build warnings for cleaner compilation output
 
 ### 📦 Dependencies
+
 - No new dependencies added
 
 ### 🧪 Testing
+
 - **Broker Integration**: Enhanced testing for context propagation in message broker scenarios
 - **Context Management**: Improved test coverage for correlation ID handling
 
 ### 🎯 Key Features
+
 - **Smart Context Propagation**: Only propagates existing correlation IDs, preventing unwanted ID generation
 - **Enhanced Observability**: Better logging of correlation IDs throughout message processing pipeline
 - **Developer Experience**: Improved TypeScript support with better type exports
@@ -258,27 +311,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.7.1] - 2024-12-19
 
 ### 🚀 Enhanced
+
 - **MaskingEngine**: Implemented ultra-fast JSON flattening strategy using `flatted` library
 - **Performance**: Achieved O(n) performance regardless of object depth for masking operations
 - **Security**: Enhanced `preserveLength: true` as default for all masking rules
 - **Compatibility**: Maintained full backward compatibility with existing masking API
 
 ### 🔧 Fixed
+
 - **MaskingEngine**: Fixed individual masking methods for Credit Card, SSN, Phone, Email, and Token
 - **Tests**: Corrected test expectations to match actual masking behavior
 - **Token Masking**: Updated to preserve last 5 characters instead of 4 for better security
 - **Email Masking**: Fixed length preservation logic for various email formats
 
 ### 📦 Dependencies
+
 - Added `flatted` library for robust JSON flattening/unflattening operations
 - Added `regex-test` library for secure regex pattern testing
 
 ### 🧪 Testing
+
 - **Coverage**: All 20 MaskingEngine tests now pass (100% success rate)
 - **Performance**: Benchmark shows 1ms processing time for complex nested objects
 - **Edge Cases**: Added comprehensive testing for circular references and error handling
 
 ### 🎯 Key Features
+
 - **JSON Flattening Strategy**: Linear processing of nested objects for extreme performance
 - **Hybrid Masking**: Field name matching with fallback to content pattern analysis
 - **Silent Observer Pattern**: Never throws exceptions, always returns processed data
@@ -286,6 +344,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Structure Preservation**: Maintains original object structure after masking
 
 ### 🔒 Security Improvements
+
 - **Default Security**: `preserveLength: true` prevents length-based attacks
 - **Comprehensive Masking**: Covers Credit Cards, SSNs, Emails, Phones, Passwords, and Tokens
 - **Custom Rules**: Support for application-specific sensitive data patterns
@@ -293,7 +352,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [0.7.0] - 2024-12-18
 
 ### 🎉 Initial Release
+
 - Core framework architecture
 - Basic masking capabilities
 - Initial test suite
-- Documentation and examples 
+- Documentation and examples

package/README.md

@@ -16,7 +16,7 @@
   <a href="https://www.npmjs.com/package/syntropylog"><img src="https://img.shields.io/npm/v/syntropylog.svg" alt="NPM Version"></a>
   <a href="https://github.com/Syntropysoft/SyntropyLog/blob/main/LICENSE"><img src="https://img.shields.io/npm/l/syntropylog.svg" alt="License"></a>
   <a href="https://github.com/Syntropysoft/SyntropyLog/actions/workflows/ci.yaml"><img src="https://github.com/Syntropysoft/SyntropyLog/actions/workflows/ci.yaml/badge.svg" alt="CI Status"></a>
-  <a href="#"><img src="https://img.shields.io/badge/coverage-84.64%25-brightgreen" alt="Test Coverage"></a>
+  <a href="#"><img src="https://img.shields.io/badge/coverage-92.48%25-brightgreen" alt="Test Coverage"></a>
   <a href="#"><img src="https://img.shields.io/badge/status-v0.9.3-brightgreen.svg" alt="Version 0.9.3"></a>
   <a href="https://socket.dev/npm/package/syntropylog"><img src="https://socket.dev/api/badge/npm/package/syntropylog" alt="Socket Badge"></a>
 </p>
@@ -310,7 +310,7 @@ The **Logging Matrix** lets you control exactly how much data appears per log le
 12:56:00 [ERROR] (ecommerce-app): User request processed { status: 'completed', duration: '150ms' }
 {
   "userId": 123, "email": "user@example.com", "password": "***MASKED***",
-  "firstName": "John", "ipAddress": "192.168.1.1",
+  "firstName": "John", "ipAddress": "127.0.0.1",
   "sessionId": "sess-789", "requestId": "req-456"
 }
 ```

package/dist/services/UserService.js

@@ -5,7 +5,7 @@
 // A mock database function to simulate fetching data from a primary source.
 async function fetchUserFromDb(userId) {
     // In a real app, this would be a database query.
-    return { id: userId, name: 'John Doe', email: 'john.doe@example.com' };
+    return { id: userId, name: 'John Doe', email: 'john.doe@localhost' };
 }
 export class UserService {
     redis;

package/dist/services/UserService.js.map

@@ -1 +1 @@
-{"version":3,"file":"UserService.js","sourceRoot":"","sources":["../../src/services/UserService.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAWH,4EAA4E;AAC5E,KAAK,UAAU,eAAe,CAAC,MAAc;IAC3C,iDAAiD;IACjD,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;AACzE,CAAC;AAED,MAAM,OAAO,WAAW;IACL,KAAK,CAAe;IACpB,YAAY,GAAG,IAAI,CAAC,CAAC,SAAS;IAE/C,YAAY,WAAyB;QACnC,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,MAAc;QACrC,MAAM,QAAQ,GAAG,QAAQ,MAAM,EAAE,CAAC;QAElC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClD,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QACxE,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
+{"version":3,"file":"UserService.js","sourceRoot":"","sources":["../../src/services/UserService.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAWH,4EAA4E;AAC5E,KAAK,UAAU,eAAe,CAAC,MAAc;IAC3C,iDAAiD;IACjD,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;AACvE,CAAC;AAED,MAAM,OAAO,WAAW;IACL,KAAK,CAAe;IACpB,YAAY,GAAG,IAAI,CAAC,CAAC,SAAS;IAE/C,YAAY,WAAyB;QACnC,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,MAAc;QACrC,MAAM,QAAQ,GAAG,QAAQ,MAAM,EAAE,CAAC;QAElC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClD,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QACxE,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}