The OpenSSF Scorecard project uses osv-scanner as a library, specifically osvscanner.DoScan. I experimented briefly with the migration to v2 recently and started getting a flood of logs to our stderr which are originating from osv-scanner.
2025/07/16 11:03:49 INFO Scanning dir <...>
2025/07/16 11:04:15 ERROR Error during extraction: (extracting as java/pomxmlnet) failed resolving
2025/07/16 11:04:39 INFO Scanned <...>/package-lock.json file and found 1568 packages
Is there anyway to introduce a control to disable cmdlogger's output? It seems most of the codebase uses cmdlogger.Info (and friends), which write to the default (global) slog handler.
|
func Debugf(msg string, args ...any) { |
|
slog.Debug(fmt.Sprintf(msg, args...)) |
|
} |
|
|
|
func Infof(msg string, args ...any) { |
|
slog.Info(fmt.Sprintf(msg, args...)) |
|
} |
|
|
|
func Warnf(msg string, args ...any) { |
|
slog.Warn(fmt.Sprintf(msg, args...)) |
|
} |
|
|
|
func Errorf(msg string, args ...any) { |
|
slog.Error(fmt.Sprintf(msg, args...)) |
|
} |
I can set the slog default to something which would ignore it, like slog.DiscardHandler, but this would break many of our own logging.
The OpenSSF Scorecard project uses osv-scanner as a library, specifically
osvscanner.DoScan. I experimented briefly with the migration to v2 recently and started getting a flood of logs to our stderr which are originating from osv-scanner.Is there anyway to introduce a control to disable
cmdlogger's output? It seems most of the codebase usescmdlogger.Info(and friends), which write to the default (global) slog handler.osv-scanner/internal/cmdlogger/fmt.go
Lines 8 to 22 in 6515dc0
I can set the slog default to something which would ignore it, like slog.DiscardHandler, but this would break many of our own logging.