@binance/common 2.3.5 → 2.3.7

package/dist/index.d.mts

@@ -749,6 +749,36 @@ declare function sanitizeHeaderValue(value: string | string[]): string | string[
  * and sanitizes remaining header values to prevent injection of carriage return or line feed characters.
  */
 declare function parseCustomHeaders(headers: Record<string, string | string[]>): Record<string, string | string[]>;
+/**
+ * Redacts sensitive fields from a message for safe logging.
+ * Replaces apiKey and signature values with '[REDACTED]' while preserving
+ * the rest of the message structure.
+ *
+ * @param data - The message object to redact.
+ * @returns A new object with sensitive fields redacted.
+ */
+declare function redactMessage(data: {
+  id: string;
+  method: string;
+  params: Record<string, unknown>;
+}): {
+  id: string;
+  method: string;
+  params: Record<string, unknown>;
+};
+/**
+ * Validates that a URL uses a secure (TLS) scheme.
+ *
+ * - For REST API URLs: must use `https://`
+ * - For WebSocket URLs: must use `wss://`
+ *
+ * Logs a warning via the Logger if a non-TLS scheme is detected.
+ *
+ * @param url - The URL string to validate.
+ * @param type - The type of URL being validated: 'rest' or 'websocket'.
+ * @throws {Error} If the URL uses an insecure scheme (http:// or ws://).
+ */
+declare function validateTLSUrl(url: string, type: 'rest' | 'websocket'): void;
 //#endregion
 //#region src/websocket.d.ts
 declare class WebsocketEventEmitter {
@@ -1160,5 +1190,5 @@ interface WebsocketStream<T> {
  */
 declare function createStreamHandler<T>(websocketBase: WebsocketAPIBase | WebsocketStreamsBase, streamOrId: string, id?: number | string, urlPath?: string): WebsocketStream<T>;
 //#endregion
-export { ALGO_REST_API_PROD_URL, ALPHA_REST_API_PROD_URL, AxiosRequestArgs, BadRequestError, C2C_REST_API_PROD_URL, CONVERT_REST_API_PROD_URL, COPY_TRADING_REST_API_PROD_URL, CRYPTO_LOAN_REST_API_PROD_URL, ConfigurationRestAPI, ConfigurationWebsocketAPI, ConfigurationWebsocketStreams, ConnectorClientError, DERIVATIVES_TRADING_COIN_FUTURES_REST_API_PROD_URL, DERIVATIVES_TRADING_COIN_FUTURES_REST_API_TESTNET_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_API_PROD_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_API_TESTNET_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_STREAMS_TESTNET_URL, DERIVATIVES_TRADING_OPTIONS_REST_API_PROD_URL, DERIVATIVES_TRADING_OPTIONS_REST_API_TESTNET_URL, DERIVATIVES_TRADING_OPTIONS_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_OPTIONS_WS_STREAMS_TESTNET_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_PRO_REST_API_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_PRO_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_REST_API_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_REST_API_TESTNET_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_WS_STREAMS_TESTNET_URL, DERIVATIVES_TRADING_USDS_FUTURES_REST_API_DEMO_URL, DERIVATIVES_TRADING_USDS_FUTURES_REST_API_PROD_URL, DERIVATIVES_TRADING_USDS_FUTURES_REST_API_TESTNET_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_API_PROD_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_API_TESTNET_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_STREAMS_TESTNET_URL, DUAL_INVESTMENT_REST_API_PROD_URL, FIAT_REST_API_PROD_URL, ForbiddenError, GIFT_CARD_REST_API_PROD_URL, LogLevel, Logger, MARGIN_TRADING_REST_API_PROD_URL, MARGIN_TRADING_RISK_WS_STREAMS_PROD_URL, MARGIN_TRADING_WS_STREAMS_PROD_URL, MINING_REST_API_PROD_URL, NFT_REST_API_PROD_URL, NetworkError, NotFoundError, ObjectType, PAY_REST_API_PROD_URL, REBATE_REST_API_PROD_URL, RateLimitBanError, RequestArgs, RequiredError, RestApiRateLimit, RestApiResponse, SIMPLE_EARN_REST_API_PROD_URL, SPOT_REST_API_DEMO_URL, SPOT_REST_API_MARKET_URL, SPOT_REST_API_PROD_URL, SPOT_REST_API_TESTNET_URL, SPOT_WS_API_DEMO_URL, SPOT_WS_API_PROD_URL, SPOT_WS_API_TESTNET_URL, SPOT_WS_STREAMS_DEMO_URL, SPOT_WS_STREAMS_MARKET_URL, SPOT_WS_STREAMS_PROD_URL, SPOT_WS_STREAMS_TESTNET_URL, STAKING_REST_API_PROD_URL, SUB_ACCOUNT_REST_API_PROD_URL, SendMessageOptions, ServerError, TimeUnit, TimerRecord, TooManyRequestsError, UnauthorizedError, VIP_LOAN_REST_API_PROD_URL, WALLET_REST_API_PROD_URL, WebsocketAPIBase, WebsocketApiRateLimit, WebsocketApiResponse, WebsocketCommon, WebsocketConnection, WebsocketEventEmitter, WebsocketSendMsgConfig, WebsocketSendMsgOptions, WebsocketStream, WebsocketStreamsBase, assertParamExists, buildQueryString, buildUserAgent, buildWebsocketAPIMessage, clearSignerCache, createStreamHandler, delay, getSignature, getTimestamp, httpRequestFunction, normalizeScientificNumbers, normalizeStreamId, parseCustomHeaders, parseRateLimitHeaders, randomInteger, randomString, removeEmptyValue, replaceWebsocketStreamsPlaceholders, sanitizeHeaderValue, sendRequest, setSearchParams, shouldRetryRequest, sortObject, toPathString, validateTimeUnit };
+export { ALGO_REST_API_PROD_URL, ALPHA_REST_API_PROD_URL, AxiosRequestArgs, BadRequestError, C2C_REST_API_PROD_URL, CONVERT_REST_API_PROD_URL, COPY_TRADING_REST_API_PROD_URL, CRYPTO_LOAN_REST_API_PROD_URL, ConfigurationRestAPI, ConfigurationWebsocketAPI, ConfigurationWebsocketStreams, ConnectorClientError, DERIVATIVES_TRADING_COIN_FUTURES_REST_API_PROD_URL, DERIVATIVES_TRADING_COIN_FUTURES_REST_API_TESTNET_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_API_PROD_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_API_TESTNET_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_STREAMS_TESTNET_URL, DERIVATIVES_TRADING_OPTIONS_REST_API_PROD_URL, DERIVATIVES_TRADING_OPTIONS_REST_API_TESTNET_URL, DERIVATIVES_TRADING_OPTIONS_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_OPTIONS_WS_STREAMS_TESTNET_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_PRO_REST_API_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_PRO_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_REST_API_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_REST_API_TESTNET_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_WS_STREAMS_TESTNET_URL, DERIVATIVES_TRADING_USDS_FUTURES_REST_API_DEMO_URL, DERIVATIVES_TRADING_USDS_FUTURES_REST_API_PROD_URL, DERIVATIVES_TRADING_USDS_FUTURES_REST_API_TESTNET_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_API_PROD_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_API_TESTNET_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_STREAMS_TESTNET_URL, DUAL_INVESTMENT_REST_API_PROD_URL, FIAT_REST_API_PROD_URL, ForbiddenError, GIFT_CARD_REST_API_PROD_URL, LogLevel, Logger, MARGIN_TRADING_REST_API_PROD_URL, MARGIN_TRADING_RISK_WS_STREAMS_PROD_URL, MARGIN_TRADING_WS_STREAMS_PROD_URL, MINING_REST_API_PROD_URL, NFT_REST_API_PROD_URL, NetworkError, NotFoundError, ObjectType, PAY_REST_API_PROD_URL, REBATE_REST_API_PROD_URL, RateLimitBanError, RequestArgs, RequiredError, RestApiRateLimit, RestApiResponse, SIMPLE_EARN_REST_API_PROD_URL, SPOT_REST_API_DEMO_URL, SPOT_REST_API_MARKET_URL, SPOT_REST_API_PROD_URL, SPOT_REST_API_TESTNET_URL, SPOT_WS_API_DEMO_URL, SPOT_WS_API_PROD_URL, SPOT_WS_API_TESTNET_URL, SPOT_WS_STREAMS_DEMO_URL, SPOT_WS_STREAMS_MARKET_URL, SPOT_WS_STREAMS_PROD_URL, SPOT_WS_STREAMS_TESTNET_URL, STAKING_REST_API_PROD_URL, SUB_ACCOUNT_REST_API_PROD_URL, SendMessageOptions, ServerError, TimeUnit, TimerRecord, TooManyRequestsError, UnauthorizedError, VIP_LOAN_REST_API_PROD_URL, WALLET_REST_API_PROD_URL, WebsocketAPIBase, WebsocketApiRateLimit, WebsocketApiResponse, WebsocketCommon, WebsocketConnection, WebsocketEventEmitter, WebsocketSendMsgConfig, WebsocketSendMsgOptions, WebsocketStream, WebsocketStreamsBase, assertParamExists, buildQueryString, buildUserAgent, buildWebsocketAPIMessage, clearSignerCache, createStreamHandler, delay, getSignature, getTimestamp, httpRequestFunction, normalizeScientificNumbers, normalizeStreamId, parseCustomHeaders, parseRateLimitHeaders, randomInteger, randomString, redactMessage, removeEmptyValue, replaceWebsocketStreamsPlaceholders, sanitizeHeaderValue, sendRequest, setSearchParams, shouldRetryRequest, sortObject, toPathString, validateTLSUrl, validateTimeUnit };
 //# sourceMappingURL=index.d.mts.map

package/dist/index.d.ts

@@ -749,6 +749,36 @@ declare function sanitizeHeaderValue(value: string | string[]): string | string[
  * and sanitizes remaining header values to prevent injection of carriage return or line feed characters.
  */
 declare function parseCustomHeaders(headers: Record<string, string | string[]>): Record<string, string | string[]>;
+/**
+ * Redacts sensitive fields from a message for safe logging.
+ * Replaces apiKey and signature values with '[REDACTED]' while preserving
+ * the rest of the message structure.
+ *
+ * @param data - The message object to redact.
+ * @returns A new object with sensitive fields redacted.
+ */
+declare function redactMessage(data: {
+  id: string;
+  method: string;
+  params: Record<string, unknown>;
+}): {
+  id: string;
+  method: string;
+  params: Record<string, unknown>;
+};
+/**
+ * Validates that a URL uses a secure (TLS) scheme.
+ *
+ * - For REST API URLs: must use `https://`
+ * - For WebSocket URLs: must use `wss://`
+ *
+ * Logs a warning via the Logger if a non-TLS scheme is detected.
+ *
+ * @param url - The URL string to validate.
+ * @param type - The type of URL being validated: 'rest' or 'websocket'.
+ * @throws {Error} If the URL uses an insecure scheme (http:// or ws://).
+ */
+declare function validateTLSUrl(url: string, type: 'rest' | 'websocket'): void;
 //#endregion
 //#region src/websocket.d.ts
 declare class WebsocketEventEmitter {
@@ -1160,5 +1190,5 @@ interface WebsocketStream<T> {
  */
 declare function createStreamHandler<T>(websocketBase: WebsocketAPIBase | WebsocketStreamsBase, streamOrId: string, id?: number | string, urlPath?: string): WebsocketStream<T>;
 //#endregion
-export { ALGO_REST_API_PROD_URL, ALPHA_REST_API_PROD_URL, AxiosRequestArgs, BadRequestError, C2C_REST_API_PROD_URL, CONVERT_REST_API_PROD_URL, COPY_TRADING_REST_API_PROD_URL, CRYPTO_LOAN_REST_API_PROD_URL, ConfigurationRestAPI, ConfigurationWebsocketAPI, ConfigurationWebsocketStreams, ConnectorClientError, DERIVATIVES_TRADING_COIN_FUTURES_REST_API_PROD_URL, DERIVATIVES_TRADING_COIN_FUTURES_REST_API_TESTNET_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_API_PROD_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_API_TESTNET_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_STREAMS_TESTNET_URL, DERIVATIVES_TRADING_OPTIONS_REST_API_PROD_URL, DERIVATIVES_TRADING_OPTIONS_REST_API_TESTNET_URL, DERIVATIVES_TRADING_OPTIONS_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_OPTIONS_WS_STREAMS_TESTNET_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_PRO_REST_API_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_PRO_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_REST_API_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_REST_API_TESTNET_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_WS_STREAMS_TESTNET_URL, DERIVATIVES_TRADING_USDS_FUTURES_REST_API_DEMO_URL, DERIVATIVES_TRADING_USDS_FUTURES_REST_API_PROD_URL, DERIVATIVES_TRADING_USDS_FUTURES_REST_API_TESTNET_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_API_PROD_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_API_TESTNET_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_STREAMS_TESTNET_URL, DUAL_INVESTMENT_REST_API_PROD_URL, FIAT_REST_API_PROD_URL, ForbiddenError, GIFT_CARD_REST_API_PROD_URL, LogLevel, Logger, MARGIN_TRADING_REST_API_PROD_URL, MARGIN_TRADING_RISK_WS_STREAMS_PROD_URL, MARGIN_TRADING_WS_STREAMS_PROD_URL, MINING_REST_API_PROD_URL, NFT_REST_API_PROD_URL, NetworkError, NotFoundError, ObjectType, PAY_REST_API_PROD_URL, REBATE_REST_API_PROD_URL, RateLimitBanError, RequestArgs, RequiredError, RestApiRateLimit, RestApiResponse, SIMPLE_EARN_REST_API_PROD_URL, SPOT_REST_API_DEMO_URL, SPOT_REST_API_MARKET_URL, SPOT_REST_API_PROD_URL, SPOT_REST_API_TESTNET_URL, SPOT_WS_API_DEMO_URL, SPOT_WS_API_PROD_URL, SPOT_WS_API_TESTNET_URL, SPOT_WS_STREAMS_DEMO_URL, SPOT_WS_STREAMS_MARKET_URL, SPOT_WS_STREAMS_PROD_URL, SPOT_WS_STREAMS_TESTNET_URL, STAKING_REST_API_PROD_URL, SUB_ACCOUNT_REST_API_PROD_URL, SendMessageOptions, ServerError, TimeUnit, TimerRecord, TooManyRequestsError, UnauthorizedError, VIP_LOAN_REST_API_PROD_URL, WALLET_REST_API_PROD_URL, WebsocketAPIBase, WebsocketApiRateLimit, WebsocketApiResponse, WebsocketCommon, WebsocketConnection, WebsocketEventEmitter, WebsocketSendMsgConfig, WebsocketSendMsgOptions, WebsocketStream, WebsocketStreamsBase, assertParamExists, buildQueryString, buildUserAgent, buildWebsocketAPIMessage, clearSignerCache, createStreamHandler, delay, getSignature, getTimestamp, httpRequestFunction, normalizeScientificNumbers, normalizeStreamId, parseCustomHeaders, parseRateLimitHeaders, randomInteger, randomString, removeEmptyValue, replaceWebsocketStreamsPlaceholders, sanitizeHeaderValue, sendRequest, setSearchParams, shouldRetryRequest, sortObject, toPathString, validateTimeUnit };
+export { ALGO_REST_API_PROD_URL, ALPHA_REST_API_PROD_URL, AxiosRequestArgs, BadRequestError, C2C_REST_API_PROD_URL, CONVERT_REST_API_PROD_URL, COPY_TRADING_REST_API_PROD_URL, CRYPTO_LOAN_REST_API_PROD_URL, ConfigurationRestAPI, ConfigurationWebsocketAPI, ConfigurationWebsocketStreams, ConnectorClientError, DERIVATIVES_TRADING_COIN_FUTURES_REST_API_PROD_URL, DERIVATIVES_TRADING_COIN_FUTURES_REST_API_TESTNET_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_API_PROD_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_API_TESTNET_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_COIN_FUTURES_WS_STREAMS_TESTNET_URL, DERIVATIVES_TRADING_OPTIONS_REST_API_PROD_URL, DERIVATIVES_TRADING_OPTIONS_REST_API_TESTNET_URL, DERIVATIVES_TRADING_OPTIONS_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_OPTIONS_WS_STREAMS_TESTNET_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_PRO_REST_API_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_PRO_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_REST_API_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_REST_API_TESTNET_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_PORTFOLIO_MARGIN_WS_STREAMS_TESTNET_URL, DERIVATIVES_TRADING_USDS_FUTURES_REST_API_DEMO_URL, DERIVATIVES_TRADING_USDS_FUTURES_REST_API_PROD_URL, DERIVATIVES_TRADING_USDS_FUTURES_REST_API_TESTNET_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_API_PROD_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_API_TESTNET_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_STREAMS_PROD_URL, DERIVATIVES_TRADING_USDS_FUTURES_WS_STREAMS_TESTNET_URL, DUAL_INVESTMENT_REST_API_PROD_URL, FIAT_REST_API_PROD_URL, ForbiddenError, GIFT_CARD_REST_API_PROD_URL, LogLevel, Logger, MARGIN_TRADING_REST_API_PROD_URL, MARGIN_TRADING_RISK_WS_STREAMS_PROD_URL, MARGIN_TRADING_WS_STREAMS_PROD_URL, MINING_REST_API_PROD_URL, NFT_REST_API_PROD_URL, NetworkError, NotFoundError, ObjectType, PAY_REST_API_PROD_URL, REBATE_REST_API_PROD_URL, RateLimitBanError, RequestArgs, RequiredError, RestApiRateLimit, RestApiResponse, SIMPLE_EARN_REST_API_PROD_URL, SPOT_REST_API_DEMO_URL, SPOT_REST_API_MARKET_URL, SPOT_REST_API_PROD_URL, SPOT_REST_API_TESTNET_URL, SPOT_WS_API_DEMO_URL, SPOT_WS_API_PROD_URL, SPOT_WS_API_TESTNET_URL, SPOT_WS_STREAMS_DEMO_URL, SPOT_WS_STREAMS_MARKET_URL, SPOT_WS_STREAMS_PROD_URL, SPOT_WS_STREAMS_TESTNET_URL, STAKING_REST_API_PROD_URL, SUB_ACCOUNT_REST_API_PROD_URL, SendMessageOptions, ServerError, TimeUnit, TimerRecord, TooManyRequestsError, UnauthorizedError, VIP_LOAN_REST_API_PROD_URL, WALLET_REST_API_PROD_URL, WebsocketAPIBase, WebsocketApiRateLimit, WebsocketApiResponse, WebsocketCommon, WebsocketConnection, WebsocketEventEmitter, WebsocketSendMsgConfig, WebsocketSendMsgOptions, WebsocketStream, WebsocketStreamsBase, assertParamExists, buildQueryString, buildUserAgent, buildWebsocketAPIMessage, clearSignerCache, createStreamHandler, delay, getSignature, getTimestamp, httpRequestFunction, normalizeScientificNumbers, normalizeStreamId, parseCustomHeaders, parseRateLimitHeaders, randomInteger, randomString, redactMessage, removeEmptyValue, replaceWebsocketStreamsPlaceholders, sanitizeHeaderValue, sendRequest, setSearchParams, shouldRetryRequest, sortObject, toPathString, validateTLSUrl, validateTimeUnit };
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -632,6 +632,54 @@ function parseCustomHeaders(headers) {
 	}
 	return parsedHeaders;
 }
+/**
+* Redacts sensitive fields from a message for safe logging.
+* Replaces apiKey and signature values with '[REDACTED]' while preserving
+* the rest of the message structure.
+*
+* @param data - The message object to redact.
+* @returns A new object with sensitive fields redacted.
+*/
+function redactMessage(data) {
+	const SENSITIVE_FIELDS = [
+		"apiKey",
+		"apiSecret",
+		"signature"
+	];
+	const redactedParams = { ...data.params };
+	for (const field of SENSITIVE_FIELDS) if (field in redactedParams) redactedParams[field] = "[REDACTED]";
+	return {
+		...data,
+		params: redactedParams
+	};
+}
+/**
+* Validates that a URL uses a secure (TLS) scheme.
+*
+* - For REST API URLs: must use `https://`
+* - For WebSocket URLs: must use `wss://`
+*
+* Logs a warning via the Logger if a non-TLS scheme is detected.
+*
+* @param url - The URL string to validate.
+* @param type - The type of URL being validated: 'rest' or 'websocket'.
+* @throws {Error} If the URL uses an insecure scheme (http:// or ws://).
+*/
+function validateTLSUrl(url, type) {
+	if (!url) return;
+	let parsed;
+	try {
+		parsed = new URL(url);
+	} catch {
+		return;
+	}
+	const scheme = parsed.protocol.toLowerCase();
+	if (type === "rest") {
+		if (scheme === "http:") throw new Error("Insecure URL scheme: REST API basePath must use https://. Using http:// would transmit credentials in cleartext.");
+	} else if (type === "websocket") {
+		if (scheme === "ws:") throw new Error("Insecure URL scheme: WebSocket wsURL must use wss://. Using ws:// would transmit credentials in cleartext.");
+	}
+}
 
 //#endregion
 //#region src/configuration.ts
@@ -1163,7 +1211,7 @@ var WebsocketCommon = class WebsocketCommon extends WebsocketEventEmitter {
 		const req = connection.sessionLogonReq;
 		if (req && !connection.isSessionLoggedOn) {
 			const data = buildWebsocketAPIMessage(this.configuration, req.method, req.payload, req.options);
-			this.logger.debug(`Session re-logon on connection ${connection.id}`, data);
+			this.logger.debug(`Session re-logon on connection ${connection.id}`, redactMessage(data));
 			try {
 				await this.send(JSON.stringify(data), data.id, true, this.configuration.timeout, connection);
 				this.logger.debug(`Session re-logon on connection ${connection.id} was successful.`);
@@ -1494,7 +1542,7 @@ var WebsocketAPIBase = class extends WebsocketCommon {
 		const connections = isSessionReq ? this.getAvailableConnections() : [this.getConnection()];
 		const skipAuth = isSessionReq ? false : this.configuration.autoSessionReLogon && connections[0].isSessionLoggedOn;
 		const data = buildWebsocketAPIMessage(this.configuration, method, payload, options, skipAuth);
-		this.logger.debug("Send message to Binance WebSocket API Server:", data);
+		this.logger.debug("Send message to Binance WebSocket API Server:", redactMessage(data));
 		const responses = await Promise.all(connections.map((connection) => this.send(JSON.stringify(data), data.id, true, this.configuration.timeout, connection)));
 		if (isSessionReq && this.configuration.autoSessionReLogon) connections.forEach((connection) => {
 			if (options.isSessionLogon) {
@@ -1885,6 +1933,7 @@ exports.parseCustomHeaders = parseCustomHeaders;
 exports.parseRateLimitHeaders = parseRateLimitHeaders;
 exports.randomInteger = randomInteger;
 exports.randomString = randomString;
+exports.redactMessage = redactMessage;
 exports.removeEmptyValue = removeEmptyValue;
 exports.replaceWebsocketStreamsPlaceholders = replaceWebsocketStreamsPlaceholders;
 exports.sanitizeHeaderValue = sanitizeHeaderValue;
@@ -1893,5 +1942,6 @@ exports.setSearchParams = setSearchParams;
 exports.shouldRetryRequest = shouldRetryRequest;
 exports.sortObject = sortObject;
 exports.toPathString = toPathString;
+exports.validateTLSUrl = validateTLSUrl;
 exports.validateTimeUnit = validateTimeUnit;
 //# sourceMappingURL=index.js.map