Skip to content

Allow configuration of the library's logging #2081

New issue
New issue
Closed
#2300
#2096
Closed
Allow configuration of the library's logging#2081
#2300
#2096
@spencerschrock

Description

@spencerschrock
spencerschrock
opened on Jul 16, 2025

The OpenSSF Scorecard project uses osv-scanner as a library, specifically osvscanner.DoScan. I experimented briefly with the migration to v2 recently and started getting a flood of logs to our stderr which are originating from osv-scanner.

2025/07/16 11:03:49 INFO Scanning dir <...>
2025/07/16 11:04:15 ERROR Error during extraction: (extracting as java/pomxmlnet) failed resolving
2025/07/16 11:04:39 INFO Scanned <...>/package-lock.json file and found 1568 packages

Is there anyway to introduce a control to disable cmdlogger's output? It seems most of the codebase uses cmdlogger.Info (and friends), which write to the default (global) slog handler.

osv-scanner/internal/cmdlogger/fmt.go

Lines 8 to 22 in 6515dc0

func Debugf(msg string, args ...any) {
slog.Debug(fmt.Sprintf(msg, args...))
}
func Infof(msg string, args ...any) {
slog.Info(fmt.Sprintf(msg, args...))
}
func Warnf(msg string, args ...any) {
slog.Warn(fmt.Sprintf(msg, args...))
}
func Errorf(msg string, args ...any) {
slog.Error(fmt.Sprintf(msg, args...))
}

I can set the slog default to something which would ignore it, like slog.DiscardHandler, but this would break many of our own logging.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions