From 1683beb2dbb1a2222d6d86f476988dc5cad47875 Mon Sep 17 00:00:00 2001 From: Gandalf Date: Mon, 5 Jan 2026 20:42:09 +0100 Subject: [PATCH] Replace universe-log with pino in renderer package - Fix CSP violation caused by universe-log using Function() constructor for environment detection (equivalent to eval) - Fix broken object logging where objects passed as arguments were silently dropped from output - Fix incorrect console method usage (all logs went to console.error) universe-log (v5.2.0) has been abandoned since August 2019 and has no CSP-compatible version. Pino is already used elsewhere in denser and provides proper CSP-safe environment detection using typeof checks. This also reduces bundle size by ~11KB (universe-log ~15KB -> pino ~4KB). Fixes #788 --- packages/renderer/package.json | 4 ++-- packages/renderer/src/Log.ts | 42 ++++++++++++++++++++++++++-------- pnpm-lock.yaml | 29 +++-------------------- 3 files changed, 37 insertions(+), 38 deletions(-) diff --git a/packages/renderer/package.json b/packages/renderer/package.json index 97a79642d..b68aef648 100755 --- a/packages/renderer/package.json +++ b/packages/renderer/package.json @@ -19,11 +19,11 @@ "dependencies": { "@xmldom/xmldom": "0.8.10", "ow": "0.28.2", + "pino": "^8.17.1", "react-twitter-embed": "^4.0.4", "remarkable": "2.0.1", "sanitize-html": "2.13.0", - "typescript-chained-error": "1.6.0", - "universe-log": "5.2.0" + "typescript-chained-error": "1.6.0" }, "devDependencies": { "@hive/tsconfig": "workspace:*", diff --git a/packages/renderer/src/Log.ts b/packages/renderer/src/Log.ts index 05c6bb16d..34bd9fabd 100644 --- a/packages/renderer/src/Log.ts +++ b/packages/renderer/src/Log.ts @@ -1,17 +1,39 @@ -import {AbstractUniverseLog} from 'universe-log'; +import pino, {Logger} from 'pino'; -export class Log extends AbstractUniverseLog { - public static log(): Log { - return Log.INSTANCE; +// CSP-safe environment detection (no Function() constructor) +const isServer = typeof window === 'undefined'; + +function getLogLevel(): string { + if (isServer) { + return process.env.REACT_APP_LOGGING_LOG_LEVEL?.toLowerCase() || 'info'; } - private static INSTANCE: Log = new Log(); + // In browser, check window for env variable (may be set by build process) + const win = window as unknown as Record; + return win.REACT_APP_LOGGING_LOG_LEVEL?.toLowerCase() || 'info'; +} - private constructor() { - super({ - levelEnvs: ['REACT_APP_LOGGING_LOG_LEVEL'], - metadata: { - library: '@hiveio/content-renderer' +let loggerInstance: Logger | null = null; + +function getLogger(): Logger { + if (!loggerInstance) { + loggerInstance = pino({ + name: '@hiveio/content-renderer', + level: getLogLevel(), + formatters: { + level: (label: string) => ({level: label.toUpperCase()}) + }, + timestamp: pino.stdTimeFunctions.isoTime, + browser: { + // In browser: disabled by default, asObject: false preserves all arguments + disabled: isServer ? false : true, + asObject: false } }); } + return loggerInstance; } + +// Export compatible interface: Log.log().error(), Log.log().warn(), Log.log().debug() +export const Log = { + log: getLogger +}; diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index f5c7f2c88..258b0dd1c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -464,6 +464,9 @@ importers: ow: specifier: 0.28.2 version: 0.28.2 + pino: + specifier: ^8.17.1 + version: 8.21.0 react-twitter-embed: specifier: ^4.0.4 version: 4.0.4(react-dom@18.3.0(react@17.0.2))(react@17.0.2) @@ -476,9 +479,6 @@ importers: typescript-chained-error: specifier: 1.6.0 version: 1.6.0 - universe-log: - specifier: 5.2.0 - version: 5.2.0 devDependencies: '@commitlint/cli': specifier: 19.3.0 @@ -7167,10 +7167,6 @@ packages: resolution: {integrity: sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g==} engines: {node: '>=0.10.0'} - ow@0.13.2: - resolution: {integrity: sha512-9wvr+q+ZTDRvXDjL6eDOdFe5WUl/wa5sntf9kAolxqSpkBqaIObwLgFCGXSJASFw+YciXnOVtDWpxXa9cqV94A==} - engines: {node: '>=6'} - ow@0.28.2: resolution: {integrity: sha512-dD4UpyBh/9m4X2NVjA+73/ZPBRF+uF4zIMFvvQsabMiEK8x41L3rQ8EENOi35kyyoaJwNxEeJcP6Fj1H4U409Q==} engines: {node: '>=12'} @@ -9039,10 +9035,6 @@ packages: resolution: {integrity: sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==} engines: {node: '>=10'} - type-fest@0.5.2: - resolution: {integrity: sha512-DWkS49EQKVX//Tbupb9TFa19c7+MK1XmzkrZUR8TAktmE/DizXoaoJV6TZ/tSIPXipqNiRI6CyAe7x69Jb6RSw==} - engines: {node: '>=6'} - type-fest@0.8.1: resolution: {integrity: sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==} engines: {node: '>=8'} @@ -9210,10 +9202,6 @@ packages: resolution: {integrity: sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==} engines: {node: '>= 10.0.0'} - universe-log@5.2.0: - resolution: {integrity: sha512-8jSMiXIcm0Ea/N3zCj2Kl+BIihCV7ydvshAgGaDDsLgOSSchiDORUMmSYKMH3FXeKaUr6dKd7e1eScBUpe2+3Q==} - engines: {node: '>=8'} - unpipe@1.0.0: resolution: {integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==} engines: {node: '>= 0.8'} @@ -17116,10 +17104,6 @@ snapshots: os-tmpdir@1.0.2: {} - ow@0.13.2: - dependencies: - type-fest: 0.5.2 - ow@0.28.2: dependencies: '@sindresorhus/is': 4.6.0 @@ -19254,8 +19238,6 @@ snapshots: type-fest@0.21.3: {} - type-fest@0.5.2: {} - type-fest@0.8.1: {} type-fest@1.4.0: {} @@ -19432,11 +19414,6 @@ snapshots: universalify@2.0.1: {} - universe-log@5.2.0: - dependencies: - ow: 0.13.2 - typescript-chained-error: 1.6.0 - unpipe@1.0.0: {} unquote@1.1.1: {} -- GitLab