Skip to content

alchemmist/loglint

BranchesTags

Repository files navigation

loglint

loglint is a Go static analyzer that checks log messages for common quality and safety issues. It is designed to run as a golangci-lint plugin and focuses on message text hygiene and sensitive data leaks.

Rules

# Rule Description
1 lowercase_start Log messages must start with a lowercase letter
2 english_only Log messages must contain English text only
3 no_special_chars Log messages must not contain emojis or any punctuation/special characters
4 no_sensitive_data Log messages must not include sensitive data (by keyword matching)

Supported loggers

  • log/slog (standard structured logger)
  • go.uber.org/zap (Logger and SugaredLogger)
  • log (standard library logger)

Installation

Build from source

make build

Build the golangci-lint plugin

make plugin

Standalone CLI

Build:

make build

Run:

./loglint ./...

You can also pass -config or -fix:

./loglint -config /path/to/.loglint.yml ./...
./loglint -fix ./...

Usage

As a golangci-lint plugin

  1. Build the plugin:
make plugin
  1. Add it to .golangci.yml:
linters-settings:
  custom:
    loglint:
      path: ./loglint.so
      description: "Linter for checking log messages"
      original-url: github.com/alchemmist/loglint

linters:
  enable:
    - loglint
  1. Run:
golangci-lint run

Configuration

Create a configuration file in your project root:

  • .loglint.yml
  • .loglint.yaml
  • .loglint.json

The analyzer searches the current directory and all parent directories.

Example (YAML)

rules:
  lowercase_start: true
  english_only: true
  no_special_chars: true
  no_sensitive_data: true

patterns:
  sensitive_keywords:
    - password
    - secret
    - token
    - api_key
    - private_key
    - my_custom_secret

Example (JSON)

{
  "rules": {
    "lowercase_start": true,
    "english_only": true,
    "no_special_chars": true,
    "no_sensitive_data": true
  },
  "patterns": {
    "sensitive_keywords": ["password", "secret", "token", "api_key", "private_key"]
  }
}

Auto-fix

The analyzer can apply suggested fixes for:

  • Rule 1: convert the first character to lowercase
  • Rule 3: remove emojis/special characters

Use the -fix flag when running through golangci-lint.

Notes and limitations

  • Rules 1-3 only run when the log message is a string literal.
  • Rule 4 scans identifiers inside the message expression and subsequent arguments for sensitive keywords.

Development

# Install dev tools
make tools

# Run tests
make test

# Run tests with coverage report
make test-cover

# Run vet, formatting checks, golangci-lint, and staticcheck
make check

# Format the codebase (gofmt + gofumpt)
make fmt

# Clean build artifacts and local caches
make clean

Project layout

cmd/           # Standalone CLI entrypoint (stub)
pkg/analyzer/  # Analyzer implementation, rules, and config
plugin/        # golangci-lint plugin
testdata/      # Analyzer test fixtures

License

MIT

References

About

Check log messaging in Go code

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Contributors

Languages