@crimsonsunset/jsg-logger 1.7.14 → 1.7.15

package/README.md

@@ -26,6 +26,7 @@ A sophisticated, fully generic logging system that automatically detects its env
 - 📁 **File-Level Overrides** - Per-file and pattern-based control
 - ⏰ **Timestamp Modes** - Absolute, readable, relative, or disabled
 - 🎛️ **Display Toggles** - Control every aspect of log output
+- 🔒 **Automatic Redaction** - Protect sensitive data in logs (passwords, API keys, tokens)
 - 🎯 **Smart Level Resolution** - Hierarchical level determination
 
 ## 🚀 Quick Start
@@ -290,6 +291,121 @@ logger.controls.setDisplayOption('jsonPayload', false);
 logger.controls.toggleDisplayOption('level');
 ```
 
+## 🔒 **Redaction (Sensitive Data Protection)**
+
+Automatically redact sensitive keys in logged objects to prevent accidental exposure of passwords, API keys, tokens, and other sensitive data.
+
+### **Basic Configuration**
+
+```javascript
+const logger = JSGLogger.getInstanceSync({
+  redact: {
+    paths: ['password', 'token', '*key', '*secret'],
+    censor: '[REDACTED]'
+  }
+});
+
+logger.api.info('User login', {
+  username: 'john',
+  password: 'secret123',      // → [REDACTED]
+  apiKey: 'abc123xyz',        // → [REDACTED] (matches *key)
+  googleApiKey: 'key123',     // → [REDACTED] (matches *key)
+  email: 'john@example.com'  // → visible
+});
+```
+
+### **Pattern Matching**
+
+Redaction supports two pattern types:
+
+- **Exact match**: `'password'`, `'token'` - matches keys exactly
+- **Wildcard suffix**: `'*key'`, `'*secret'` - matches any key ending with the suffix (case-insensitive)
+
+```javascript
+// Wildcard patterns match:
+'*key'     → apiKey, googleApiKey, secretKey, publicKey, API_KEY, api_key
+'*secret'  → secret, secretKey, mySecret, SECRET
+'*apiKey'  → apiKey, googleApiKey, customApiKey
+'*api_key' → api_key, GOOGLE_API_KEY
+```
+
+### **Nested Objects & Arrays**
+
+Redaction works recursively through nested objects and arrays:
+
+```javascript
+logger.info('Config loaded', {
+  user: {
+    name: 'John',
+    password: 'secret',     // → [REDACTED]
+    apiKey: 'key123'        // → [REDACTED]
+  },
+  services: [
+    { name: 'API', token: 'abc' },  // → token: [REDACTED]
+    { name: 'DB', token: 'xyz' }    // → token: [REDACTED]
+  ]
+});
+```
+
+### **Custom Censor Text**
+
+```javascript
+const logger = JSGLogger.getInstanceSync({
+  redact: {
+    paths: ['password'],
+    censor: '***HIDDEN***'  // Custom replacement text
+  }
+});
+```
+
+### **File-Specific Redaction**
+
+Override redaction per file or pattern:
+
+```json
+{
+  "redact": {
+    "paths": ["password", "*key"],
+    "censor": "[REDACTED]"
+  },
+  "fileOverrides": {
+    "src/auth/*.js": {
+      "redact": {
+        "paths": ["password", "token", "*key", "*secret"],
+        "censor": "***"
+      }
+    }
+  }
+}
+```
+
+### **Default Configuration**
+
+Default redaction patterns (if not configured):
+- `password`
+- `token`
+- `*key` (matches any key ending in "key")
+- `*secret` (matches any key ending in "secret")
+- `*apiKey`
+- `*api_key`
+
+Default censor: `[REDACTED]`
+
+### **Disable Redaction**
+
+Set empty paths array to disable:
+
+```javascript
+const logger = JSGLogger.getInstanceSync({
+  redact: {
+    paths: [],  // No redaction
+    censor: '[REDACTED]'
+  }
+});
+```
+
+**Note**: Redaction applies to all formatters (browser, CLI, and server) automatically.
+
 ## 🏗️ Architecture
 
 ```

package/config/config-manager.js

@@ -533,6 +533,32 @@ export class ConfigManager {
         return baseDisplay;
     }
 
+    /**
+     * Get redact configuration with file override support
+     * @param {string} filePath - Optional file path for override checking
+     * @returns {Object} Redact configuration with paths array and censor string
+     */
+    getRedactConfig(filePath = null) {
+        const baseRedact = this.config.redact || {
+            paths: [],
+            censor: '[REDACTED]'
+        };
+
+        // Check for file-specific redact overrides
+        const checkFile = filePath || this.currentFile;
+        if (checkFile) {
+            const fileOverride = this.getFileOverride(checkFile);
+            if (fileOverride && fileOverride.redact) {
+                return {
+                    ...baseRedact,
+                    ...fileOverride.redact
+                };
+            }
+        }
+
+        return baseRedact;
+    }
+
     /**
      * Get project name
      * @returns {string} Project name

package/config/default-config.json

@@ -18,6 +18,10 @@
     "jsonPayload": true,
     "stackTrace": true
   },
+  "redact": {
+    "paths": ["password", "token", "*key", "*secret", "*apiKey", "*api_key"],
+    "censor": "[REDACTED]"
+  },
   "levels": {
     "10": { "name": "TRACE", "emoji": "🔍", "color": "#6C7B7F" },
     "20": { "name": "DEBUG", "emoji": "🐛", "color": "#74B9FF" },

package/examples/advanced-config.json

@@ -16,6 +16,10 @@
     "jsonPayload": true,
     "stackTrace": true
   },
+  "redact": {
+    "paths": ["password", "token", "*key", "*secret", "*apiKey", "*api_key"],
+    "censor": "[REDACTED]"
+  },
   "components": {
     "core": { 
       "emoji": "🎯", 
@@ -116,6 +120,10 @@
       "display": {
         "jsonPayload": true,
         "stackTrace": true
+      },
+      "redact": {
+        "paths": ["password", "token", "*key", "*secret"],
+        "censor": "***"
       }
     },
     "src/database/*.js": {

package/formatters/browser-formatter.js

@@ -5,6 +5,7 @@
  */
 
 import {configManager} from '../config/config-manager.js';
+import {redactValue} from '../utils/redaction.js';
 
 /**
  * Create browser console formatter for a specific component
@@ -28,6 +29,7 @@ export const createBrowserFormatter = (componentName, logStore = null) => {
                 const component = configManager.getComponentConfig(componentName, filePath);
                 const level = configManager.getLevelConfig(logData.level);
                 const displayConfig = configManager.getDisplayConfig(filePath);
+                const redactConfig = configManager.getRedactConfig(filePath);
 
                 // Check if this log should be displayed based on effective level
                 const effectiveLevel = configManager.getEffectiveLevel(componentName, filePath);
@@ -84,7 +86,8 @@ export const createBrowserFormatter = (componentName, logStore = null) => {
                 if (displayConfig.jsonPayload) {
                     const contextData = extractContextData(logData);
                     if (Object.keys(contextData).length > 0) {
-                        displayContextData(contextData);
+                        const redactedData = redactValue(contextData, redactConfig);
+                        displayContextData(redactedData);
                     }
                 }
 
@@ -158,6 +161,7 @@ function extractContextData(logData) {
     return contextData;
 }
 
+
 /**
  * Display context data with tree-like structure
  * @param {Object} contextData - Context data to display

package/formatters/cli-formatter.js

@@ -5,6 +5,7 @@
 
 import { LEVEL_SCHEME } from '../config/component-schemes.js';
 import { configManager } from '../config/config-manager.js';
+import { redactValue } from '../utils/redaction.js';
 
 /**
  * Format a value for display in context tree
@@ -27,6 +28,7 @@ const formatValue = (value) => {
   return String(value);
 };
 
+
 /**
  * Create CLI formatter with context data support
  * @returns {Object} Stream-like object for Pino
@@ -62,10 +64,14 @@ export const createCLIFormatter = () => {
         const contextKeys = Object.keys(log).filter(key => !internalFields.includes(key));
         
         if (contextKeys.length > 0) {
+          // Get redact config and apply redaction
+          const redactConfig = configManager.getRedactConfig();
+          const redactedLog = redactValue(log, redactConfig);
+          
           contextKeys.forEach((key, index) => {
             const isLast = index === contextKeys.length - 1;
             const prefix = isLast ? '   └─' : '   ├─';
-            const value = formatValue(log[key]);
+            const value = formatValue(redactedLog[key]);
             console.log(`${prefix} ${key}: ${value}`);
           });
         }

package/formatters/server-formatter.js

@@ -3,6 +3,8 @@
  * Structured JSON output for production logging and log aggregation
  */
 
+import {configManager} from '../config/config-manager.js';
+
 /**
  * Create server formatter (structured JSON)
  * @returns {null} No custom formatter - uses Pino's default JSON output
@@ -18,6 +20,8 @@ export const createServerFormatter = () => {
  * @returns {Object} Pino configuration for server environments
  */
 export const getServerConfig = () => {
+  const redactConfig = configManager.getRedactConfig();
+  
   return {
     level: 'info', // More conservative logging in production
     formatters: {
@@ -33,10 +37,10 @@ export const getServerConfig = () => {
         };
       }
     },
-    // Redact sensitive information in production
+    // Redact sensitive information in production (configurable)
     redact: {
-      paths: ['password', 'token', 'key', 'secret'],
-      censor: '[REDACTED]'
+      paths: redactConfig.paths.length > 0 ? redactConfig.paths : ['password', 'token', 'key', 'secret'],
+      censor: redactConfig.censor || '[REDACTED]'
     }
   };
 };

package/index.js

@@ -309,12 +309,6 @@ class JSGLogger {
 
             // Create loggers for all available components using default config
             const components = configManager.getAvailableComponents();
-            
-            // Debug: Log components being created during initialization
-            // Note: Using console.log because this.loggers is empty at this point
-            if (components.length > 0) {
-                console.log(`[JSG-LOGGER] Creating ${components.length} loggers during initSync:`, components);
-            }
 
             components.forEach(componentName => {
                 // Use original createLogger to bypass utility method caching
@@ -341,7 +335,7 @@ class JSGLogger {
                     try {
                         callback(currentComponents);
                     } catch (error) {
-                        console.error('Component subscriber error:', error);
+                        metaError('Component subscriber error:', error);
                     }
                 });
             }
@@ -566,7 +560,7 @@ class JSGLogger {
                     try {
                         callback(currentComponents);
                     } catch (error) {
-                        console.error('Component subscriber error (initial call):', error);
+                        this.loggers.core?.error('Component subscriber error (initial call):', error);
                     }
                     // Return unsubscribe function
                     return () => {
@@ -899,7 +893,7 @@ class JSGLogger {
                 try {
                     callback(currentComponents);
                 } catch (error) {
-                    console.error('Component subscriber error:', error);
+                    this.loggers.core?.error('Component subscriber error:', error);
                 }
             });
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@crimsonsunset/jsg-logger",
-  "version": "1.7.14",
+  "version": "1.7.15",
   "type": "module",
   "description": "Multi-environment logger with smart detection, file-level overrides, and beautiful console formatting. Test it live: https://logger.joesangiorgio.com/",
   "main": "index.js",

package/utils/redaction.js

@@ -0,0 +1,51 @@
+/**
+ * Redaction utility functions for sensitive data protection
+ * Used by browser, CLI, and server formatters
+ */
+
+/**
+ * Check if a key should be redacted based on patterns
+ * @param {string} key - Key to check
+ * @param {string[]} paths - Array of patterns (exact match or wildcard like *key)
+ * @returns {boolean} Whether key should be redacted
+ */
+export function shouldRedactKey(key, paths) {
+  return paths.some(pattern => {
+    if (pattern.startsWith('*')) {
+      const suffix = pattern.slice(1).toLowerCase();
+      return key.toLowerCase().endsWith(suffix);
+    }
+    return key.toLowerCase() === pattern.toLowerCase();
+  });
+}
+
+/**
+ * Redact sensitive values from an object based on key patterns
+ * @param {*} value - Value to redact (object, array, or primitive)
+ * @param {Object} redactConfig - Redaction configuration with paths and censor
+ * @returns {*} Redacted value
+ */
+export function redactValue(value, redactConfig) {
+  if (!redactConfig || !redactConfig.paths || redactConfig.paths.length === 0) {
+    return value;
+  }
+
+  if (typeof value === 'object' && value !== null && !Array.isArray(value)) {
+    const redacted = {};
+    for (const [key, val] of Object.entries(value)) {
+      if (shouldRedactKey(key, redactConfig.paths)) {
+        redacted[key] = redactConfig.censor || '[REDACTED]';
+      } else {
+        redacted[key] = redactValue(val, redactConfig);
+      }
+    }
+    return redacted;
+  }
+
+  if (Array.isArray(value)) {
+    return value.map(item => redactValue(item, redactConfig));
+  }
+
+  return value;
+}
+