> Even though this module is publicly accessible, we do not recommend using it in projects outside of [Transloadit](https://transloadit.com). We won't make any guarantees about its workings and can change things at any time, we won't adhere strictly to Se
npm install @transloadit/sev-logger> Even though this module is publicly accessible, we do not recommend using it in projects outside of Transloadit. We won't make any guarantees about its workings and can change things at any time, we won't adhere strictly to SemVer.
> This module is maintained from a monorepo called monolib.
@transloadit/sev-logger is a lightweight, printf-style logger with:
- syslog-like levels (EMERG..TRACE) and breadcrumbs
- breadcrumb nesting that auto-pads prefixes so multi-logger output aligns
- structured events (logger.event) alongside formatted lines
- optional timestamps, hostnames, callsites, and clickable paths (each path segment is clickable)
- built-in redaction of secrets (enabled by default)
- ESM/CJS friendly, no runtime deps beyond Node
- Node.js only (browser not supported today)
``bash`
yarn add @transloadit/sev-loggeror
npm install @transloadit/sev-logger
`ts
import { SevLogger } from '@transloadit/sev-logger'
const log = new SevLogger({ breadcrumbs: ['api'] })
log.info('listening on %s', 'http://localhost:3000')
log.event(SevLogger.LEVEL.NOTICE, {
event: 'user.login',
userId: 42,
})
`
Secrets are masked before anything is written to stdout/stderr/files. Defaults include:
- Field names: token, secret, password, pass, authorization, auth, api_key, x-api-key, cookie, session, bearer, …
- Patterns: Slack tokens, Bearer/JWT-like strings, AWS AKIA/ASIA keys
Optional heuristics (disabled by default, can be noisy in paths):
- Generic 32+ char base64ish strings (including slashy tokens)
- High-entropy fallback for token-like strings
Works for formatted logs and event() payloads, even when fields are abbreviated.
To opt back into heuristic redaction, set redact: { heuristics: true } (and optionally entropy: true).
Repeated references and cycles are preserved (no stack overflows, shared refs stay shared). Non-plain objects such as Date, URL, RegExp, Map, Set, custom classes, and Error/AggregateError causes are retained.
Basic usage (default redaction on):
`tsBearer ${process.env.SLACK_BOT_TOKEN}
const log = new SevLogger({ breadcrumbs: ['botty'] })
log.info('token: %s', process.env.SLACK_BOT_TOKEN) // => token: [redacted]
log.event(SevLogger.LEVEL.INFO, {
event: 'botty.start',
headers: { Authorization: },`
}) // => headers.Authorization: "[redacted]"
Configuration (override defaults):
`ts
const log = new SevLogger({
redact: {
enabled: true, // default true
replacement: '[redacted]',
keepLast: 4, // tail to keep visible, default 4
fields: ['sessionId'], // extra field names to always mask (case-insensitive)
patterns: [/SUPERSECRET\w+/g], // extra regexes
heuristics: false, // enable heuristic token redaction, default false
entropy: false, // mask random high-entropy strings (defaults to heuristics)
custom: [(
value, path, // path = ['payload', 'headers', 'authorization'] etc.
) => (typeof value === 'string' ? value.replace(/abc/g, '*') : value)],
},
})
// Opt-out completely
const noRedact = new SevLogger({ redact: false })
`
- logger.info('File %s', '/tmp/foo') — printf-style with %s/%r/%c for strings/paths/clickables.logger.event(level, { event: 'upload.finished', userId, size })
- — emits event name + JSON payload (with optional key abbreviations).
`bash``
cd packages/sev-logger
yarn test
This package is published via automated CI.