Package Health Score

84 / 100

security
No known security issues
popularity
Recognized
maintenance
Healthy
community
Sustainable

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

Version				Vulnerabilities	License Risk
2.7.1	\|	08/2024		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.6.0	\|	06/2022		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.4.4	\|	03/2020	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.2.6	\|	03/2017		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.2.5	\|	01/2014		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Recognized

Weekly Downloads (86,408)

GitHub Stars: 136
Forks: 119
Contributors: 40

Direct Usage Popularity

The npm package winston-syslog receives a total of 86,408 downloads a week. As such, we scored winston-syslog popularity level to be Recognized.

Based on project statistics from the GitHub repository for the npm package winston-syslog, we found that it has been starred 136 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Sustainable

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 40
Funding: No

With more than 10 contributors for the winston-syslog repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like winston-syslog is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 48
Open PR: 10
Last Release: 23 days ago
Last Commit: 23 days ago

Further analysis of the maintenance status of winston-syslog based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that winston-syslog demonstrates a positive version release cadence with at least one new version released in the past 3 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >= 8

Age: 13 years
Dependencies: 3 Direct
Versions: 30
Install Size: 38.9 kB
Dist-tags: 1
# of Files: 11
Maintainers: 5
TS Typings: Yes

winston-syslog has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

winston-syslog

A Syslog transport for winston.

Requirements

winston >= 3.0.0

Installation

Installing npm (node package manager)

  $ curl https://npmjs.org/install.sh | sh

Installing winston-syslog

  $ npm install winston
  $ npm install winston-syslog

Motivation

tldr;?: To break the winston codebase into small modules that work together.

The winston codebase has been growing significantly with contributions and other logging transports. This is awesome. However, taking a ton of additional dependencies just to do something simple like logging to the Console and a File is overkill.

Usage

To use the Syslog transport in winston, you simply need to require it and then either add it to an existing winston logger or pass an instance to a new winston logger:

  const winston = require('winston');

  //
  // Requiring `winston-syslog` will expose
  // `winston.transports.Syslog`
  //
  require('winston-syslog').Syslog;

  winston.add(new winston.transports.Syslog(options));

In addition to the options accepted by the syslog (compliant with RFC 3164 and RFC 5424), the Riak transport also accepts the following options. It is worth noting that the riak-js debug option is set to false by default:

host: The host running syslogd, defaults to localhost.
port: The port on the host that syslog is running on, defaults to syslogd's default port.
protocol: The network protocol to log over (e.g. tcp4, udp4, tls4, unix, unix-connect, etc), defaults to udp4.
protocolOptions: Socket connect options. See net.socket.connect for available options.
path: The path to the syslog dgram socket (i.e. /dev/log or /var/run/syslog for OS X).
pid: PID of the process that log messages are coming from (Default process.pid).
facility: Syslog facility to use (Default: local0).
localhost: Host to indicate that log messages are coming from (Default: localhost).
type: The type of the syslog protocol to use (Default: BSD, also valid: '3164', '5424', 'RFC3164' or 'RFC5424').
app_name: The name of the application (Default: process.title).
eol: The end of line character to be added to the end of the message (Default: Message without modifications).
secureProtocol: See for more information on this option, passed through from this constructor.
ciphers: See for more information on this option, passed through from this constructor.
ecdhCurve: See for more information on this option, passed through from this constructor.
rejectUnauthorized: See for more information on this option, passed through from this constructor.
requestCert: See for more information on this option, passed through from this constructor.

Metadata: Logged as string compiled by glossy.

By default, syslog messages are produced by glossy, but you can override that behavior by providing a custom Producer instance via the customProducer setting.

Log Levels

Because syslog only allows a subset of the levels available in winston, levels that do not match will be ignored. Therefore, in order to use winston-syslog effectively, you should indicate to winston that you want to use the syslog levels:

  const winston = require('winston');
  const logger = winston.createLogger({
    levels: winston.config.syslog.levels,
    transports: [
      new winston.transports.Syslog()
    ]
  });

The Syslog transport will only log to the level that are available in the syslog protocol. These are (in increasing order of severity):

debug
info
notice
warning
err
crit
alert
emerg

Syslog Configuration

You will have to configure your syslog server to accept TCP or UDP connections. This is usually done in /etc/syslog-ng.conf. Let's say you have an app called fnord and want to use TCP, the configuration would look something like this:

  source tcp_s {
    tcp(ip(0.0.0.0) port(514) max-connections(256));
  };
  destination fnord_d {
    file("/var/log/fnord.log");
  };
  log { source(tcp_s); destination(fnord_d); };

If you have multiple apps which need to log via TCP, you can specify filters, as such:

  filter fnord_f { program("fnord"); };

Then modify the log statement to read:

  log { source(tcp_s); filter(fnord_f); destination(fnord_d); };

Now if you have another app, called bnord, create similar destination and filter configurations for it, and specify a new log statement, with the same source:

  log { source(tcp_s); filter(bnord_f); destination(bnord_d); };

For this to work, you have to make sure you set the process.title variable in your node app.

  process.title = 'fnord';

Author: Charlie Robbins

Contributors: Squeeks

winston-syslog dependencies

glossy triple-beam winston-transport

winston-syslog development dependencies

eslint @dabh/eslint-config-populist sinon vows winston

FAQs

What is winston-syslog?

A syslog transport for winston. Visit Snyk Advisor to see a full health score report for winston-syslog, including popularity, security, maintenance & community analysis.

Is winston-syslog popular?

The npm package winston-syslog receives a total of 86,408 weekly downloads. As such, winston-syslog popularity was classified as a recognized. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is winston-syslog well maintained?

We found that winston-syslog demonstrated a healthy version release cadence and project activity. It has a community of 40 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is winston-syslog safe to use?

The npm package winston-syslog was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 7 September-2024, at 18:44 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP