Error & Logging Best Practices

Logging passwords, tokens, full user objects, or payment data to the console sends that data to your log aggregator in plaintext.

Returning stack traces or internal error details in API responses reveals your file structure, library versions, and code paths to attackers.

Without error boundaries, a JavaScript error in any component crashes the entire React tree and shows a blank screen to the user.

Not logging security events (failed logins, permission denials, suspicious actions) means you can't detect attacks in progress or reconstruct what happened after a breach.

Logging personally identifiable information (email, full name, IP address, phone number) creates privacy and compliance risks under GDPR and CCPA.