tracer — Greenflagged

A powerful and customizable logging library for node.js. support color console with timestamp, line number, method name, file name and call stack. you can set transport to file, stream, database(ex: mongodb and clouddb, simpledb). keywords: log, logger, t

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

baryon

Keywords

logloggertracedebug

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:example/express/node_modules/acorn/src/identifier.js	AI (source-diff): File is a legitimate acorn parser source; long lines are Unicode character class regexes for identifier parsing, not obfuscation. Located in vendored example dependencies.	ai	2026/04/24
source-diff	large-new-source-files	AI (source-diff): New files are vendored node_modules inside the example/express directory, not injected library code. Stable false positive for this package.	ai	2026/04/24
source-diff	source-size-tripled	AI (source-diff): Size increase is entirely due to vendored example/express/node_modules dependencies. Not a payload injection.	ai	2026/04/24
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require in lib/console.js is a documented tracer feature allowing module-name transport configuration strings. Intentional API design.	ai	2026/04/24
semgrep	semgrep:eval-usage	AI (semgrep): eval("require") pattern in lib/console.js is used to dynamically load user-specified transport modules; input is a module name string from user config, not remote data. Stable false positive for this package.	ai	2026/04/23
semgrep	semgrep:child-process-import	AI (semgrep): child_process import in lib/dailyfile.js is consistent with a logging library's file rotation functionality. No evidence of malicious command execution.	ai	2026/04/23

Versions (showing 51 of 55)

View all versions

Version	Deps	Published
1.3.0	4 / 12	2023-10-11
1.2.0	4 / 12	2023-09-13
1.1.6	4 / 9	2022-06-30
1.1.5	4 / 8	2021-06-10
1.1.4	4 / 8	2020-10-31
1.1.3	4 / 8	2020-07-24
1.1.2	4 / 8	2020-05-23
1.1.1	4 / 8	2020-05-16
1.1.0	4 / 8	2020-05-14
1.0.3	5 / 7	2020-04-04
1.0.2	5 / 7	2020-01-04
1.0.1	5 / 7	2019-08-28
1.0.0	5 / 7	2019-08-07
0.9.9	5 / 7	2019-08-02
0.9.8	4 / 8	2018-12-31
0.9.6	4 / 8	2018-11-15
0.9.5	4 / 8	2018-11-15
0.9.4	4 / 8	2018-11-08
0.9.3	4 / 8	2018-11-08
0.9.2	4 / 6	2018-10-26
0.9.1	4 / 6	2018-07-06
0.9.0	4 / 6	2018-06-13
0.8.15	4 / 6	2018-05-03
0.8.12	4 / 5	2018-02-16
0.8.11	3 / 5	2017-08-24
0.8.9	3 / 5	2017-05-12
0.8.8	3 / 5	2017-05-12
0.8.7	3 / 5	2016-10-28
0.8.6	3 / 5	2016-10-28
0.8.5	3 / 5	2016-10-28
0.8.3	3 / 4	2016-01-29
0.8.2	3 / 3	2015-11-19
0.8.1	3 / 3	2015-10-21
0.8.0	3 / 3	2015-08-20
0.7.4	3 / 3	2015-03-19
0.7.3	3 / 3	2014-09-07
0.7.2	3 / 3	2014-09-05
0.7.1	3 / 2	2014-04-01
0.7.0	3 / 2	2014-03-31
0.6.2	3 / 2	2014-01-17
0.6.1	3 / 2	2013-10-17
0.6.0	3 / 2	2013-10-11
0.5.1	3 / 2	2012-06-27
0.5.0	3 / 2	2012-06-22
0.4.2	3 / 2	2012-04-23
0.4.1	3 / 2	2012-03-21
0.4.0	3 / 2	2012-03-21
0.3.5	3 / 2	2012-03-14
0.3.4	3 / 2	2012-03-13
0.3.3	2 / 2	2012-03-09
0.3.1	2 / 2	2012-03-08

v1.3.0

2 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: baryon.