@datdm198x/safe-logger 1.0.0

package/README.md

@@ -0,0 +1,52 @@
+# Safe Logger
+
+A lightweight TypeScript utility to sanitize sensitive information from objects before logging, preventing potential security risks from leaking credentials in logs.
+
+## Features
+
+- Recursive object sanitization.
+- Automatic detection of sensitive fields based on keys (passwords, tokens, API keys, credit cards, PII, etc.).
+- Configurable masking strategies for different data types.
+
+## Installation
+
+```bash
+npm install @datdm198x/safe-logger
+```
+
+## Usage
+
+```typescript
+import { safeLog } from '@datdm198x/safe-logger';
+
+const sensitiveData = {
+  username: 'john_doe',
+  password: 'my-super-secret-password',
+  api_key: 'sk_live_1234567890abcdef',
+  email: 'john.doe@gmail.com'
+};
+
+const sanitizedData = safeLog(sensitiveData);
+console.log(sanitizedData);
+/*
+Output:
+{
+  username: 'john_doe',
+  password: '********',
+  api_key: '********cdef',
+  email: 'j******e@gmail.com'
+}
+*/
+```
+
+## Development
+
+### Build
+```bash
+npm run build
+```
+
+### Testing
+```bash
+npm test
+```

package/dist/index.cjs

@@ -0,0 +1,248 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  maskValue: () => maskValue,
+  safeLog: () => safeLog
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/safe-log.ts
+var DEFAULT_MASK_CHAR = "*";
+function normalizeKey(key) {
+  return key.trim().toLowerCase().replace(/[\s._-]/g, "");
+}
+function maskValue(value, options = {}) {
+  const {
+    visiblePercent = 0.2,
+    minVisible = 2,
+    maskChar = DEFAULT_MASK_CHAR
+  } = options;
+  if (!value) {
+    return value;
+  }
+  const length = value.length;
+  const visible = Math.max(
+    minVisible,
+    Math.floor(length * visiblePercent)
+  );
+  if (visible >= length) {
+    return value;
+  }
+  return maskChar.repeat(length - visible) + value.slice(length - visible);
+}
+function maskPassword() {
+  return "********";
+}
+function maskEmail(email) {
+  const parts = email.split("@");
+  if (parts.length !== 2) {
+    return maskValue(email);
+  }
+  const name = parts[0] ?? "";
+  const domain = parts[1] ?? "";
+  if (name.length <= 2) {
+    return `**@${domain}`;
+  }
+  return name[0] + "*".repeat(name.length - 2) + name[name.length - 1] + "@" + domain;
+}
+function maskPhone(phone) {
+  const digits = phone.replace(/\D/g, "");
+  if (digits.length <= 4) {
+    return phone;
+  }
+  return "*".repeat(digits.length - 4) + digits.slice(-4);
+}
+function maskCreditCard(card) {
+  return maskValue(card.replace(/\s/g, ""), {
+    visiblePercent: 0.25,
+    minVisible: 4
+  });
+}
+function maskToken(token) {
+  return maskValue(token, {
+    visiblePercent: 0.1,
+    minVisible: 4
+  });
+}
+var FIELD_MASKERS = /* @__PURE__ */ new Map([
+  ["password", maskPassword],
+  ["passwd", maskPassword],
+  ["pwd", maskPassword],
+  ["pass", maskToken],
+  ["email", maskEmail],
+  ["phone", maskPhone],
+  ["creditcard", maskCreditCard],
+  ["cvv", () => "***"],
+  // AWS
+  ["awsaccesskeyid", maskToken],
+  ["awssecretaccesskey", maskToken],
+  ["awsregion", maskToken],
+  ["smtpusername", maskToken],
+  ["smtppassword", maskToken],
+  ["sessmtpusername", maskToken],
+  ["sessmtppassword", maskToken],
+  // Security & Auth
+  ["clientid", maskToken],
+  ["clientsecret", maskToken],
+  ["jwtsecret", maskToken],
+  ["encryptionkey", maskToken],
+  ["sshkey", maskToken],
+  ["rsakey", maskToken],
+  ["masterkey", maskToken],
+  ["salt", maskToken],
+  ["encryptionpassword", maskPassword],
+  ["dbpassword", maskPassword],
+  ["dbpass", maskPassword],
+  ["connectionstring", maskToken],
+  ["connstr", maskToken],
+  ["ldapbindpassword", maskPassword],
+  ["stripekey", maskToken],
+  ["stripesecret", maskToken],
+  ["sendgridapikey", maskToken],
+  ["slackwebhookurl", maskToken],
+  ["ssn", maskToken],
+  ["socialsecuritynumber", maskToken],
+  ["nationalid", maskToken],
+  ["passportnumber", maskToken],
+  ["driverslicense", maskToken],
+  ["dob", maskToken],
+  ["dateofbirth", maskToken],
+  ["cardnumber", maskCreditCard],
+  ["cvc", () => "***"],
+  ["accountnumber", maskToken],
+  ["routingnumber", maskToken],
+  // Misc
+  ["username", maskToken],
+  ["userid", maskToken],
+  ["sessionid", maskToken],
+  ["ip", maskToken],
+  ["ipaddress", maskToken],
+  ["macaddress", maskToken],
+  ["jwt", maskToken],
+  ["token", maskToken],
+  ["accesstoken", maskToken],
+  ["refreshtoken", maskToken],
+  ["authorization", maskToken],
+  ["apikey", maskToken],
+  ["secret", maskToken],
+  ["cookie", maskToken],
+  ["privatekey", maskToken],
+  // Database connection strings
+  ["mongouri", maskToken],
+  ["redisuri", maskToken],
+  ["mysqluri", maskToken],
+  ["postgresqluri", maskToken],
+  ["pgsql", maskToken]
+]);
+var SENSITIVE_KEYWORDS = [
+  "password",
+  "passwd",
+  "pwd",
+  "pass",
+  "token",
+  "jwt",
+  "bearer",
+  "secret",
+  "apikey",
+  "accesskey",
+  "authorization",
+  "cookie",
+  "creditcard",
+  "cardnumber",
+  "cvv",
+  "cvc",
+  "otp",
+  "privatekey",
+  "clientsecret",
+  "clientid",
+  "accesstoken",
+  "refreshtoken",
+  "username",
+  "userid",
+  "sessionid",
+  "ipaddress",
+  "encryption",
+  "ssh",
+  "rsa",
+  "master",
+  "salt",
+  "connection",
+  "conn",
+  "ldap",
+  "stripe",
+  "sendgrid",
+  "slack",
+  "ssn",
+  "socialsecurity",
+  "national",
+  "passport",
+  "drivers",
+  "dob",
+  "birth",
+  "account",
+  "routing"
+];
+function isSensitiveKey(key) {
+  const normalized = normalizeKey(key);
+  return SENSITIVE_KEYWORDS.some(
+    (keyword) => normalized.includes(keyword)
+  );
+}
+function sanitize(value) {
+  if (value === null || value === void 0) {
+    return value;
+  }
+  if (Array.isArray(value)) {
+    return value.map(sanitize);
+  }
+  if (typeof value !== "object") {
+    return value;
+  }
+  const obj = value;
+  return Object.fromEntries(
+    Object.entries(obj).map(([key, value2]) => {
+      if (typeof value2 === "string") {
+        const normalized = normalizeKey(key);
+        const masker = FIELD_MASKERS.get(normalized);
+        if (masker) {
+          return [key, masker(value2)];
+        }
+        if (isSensitiveKey(normalized)) {
+          return [key, maskToken(value2)];
+        }
+        return [key, value2];
+      }
+      if (value2 && typeof value2 === "object") {
+        return [key, sanitize(value2)];
+      }
+      return [key, value2];
+    })
+  );
+}
+function safeLog(value) {
+  return sanitize(value);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  maskValue,
+  safeLog
+});

package/dist/index.d.cts

@@ -0,0 +1,20 @@
+/**
+ * ============================================================================
+ * Safe Logger Utility
+ * ============================================================================
+ */
+interface MaskOptions {
+    visiblePercent?: number;
+    minVisible?: number;
+    maskChar?: string;
+}
+/**
+ * Generic masking
+ */
+declare function maskValue(value: string, options?: MaskOptions): string;
+/**
+ * Public API
+ */
+declare function safeLog<T>(value: T): T;
+
+export { maskValue, safeLog };

package/dist/index.d.ts

@@ -0,0 +1,20 @@
+/**
+ * ============================================================================
+ * Safe Logger Utility
+ * ============================================================================
+ */
+interface MaskOptions {
+    visiblePercent?: number;
+    minVisible?: number;
+    maskChar?: string;
+}
+/**
+ * Generic masking
+ */
+declare function maskValue(value: string, options?: MaskOptions): string;
+/**
+ * Public API
+ */
+declare function safeLog<T>(value: T): T;
+
+export { maskValue, safeLog };

package/dist/index.js

@@ -0,0 +1,220 @@
+// src/safe-log.ts
+var DEFAULT_MASK_CHAR = "*";
+function normalizeKey(key) {
+  return key.trim().toLowerCase().replace(/[\s._-]/g, "");
+}
+function maskValue(value, options = {}) {
+  const {
+    visiblePercent = 0.2,
+    minVisible = 2,
+    maskChar = DEFAULT_MASK_CHAR
+  } = options;
+  if (!value) {
+    return value;
+  }
+  const length = value.length;
+  const visible = Math.max(
+    minVisible,
+    Math.floor(length * visiblePercent)
+  );
+  if (visible >= length) {
+    return value;
+  }
+  return maskChar.repeat(length - visible) + value.slice(length - visible);
+}
+function maskPassword() {
+  return "********";
+}
+function maskEmail(email) {
+  const parts = email.split("@");
+  if (parts.length !== 2) {
+    return maskValue(email);
+  }
+  const name = parts[0] ?? "";
+  const domain = parts[1] ?? "";
+  if (name.length <= 2) {
+    return `**@${domain}`;
+  }
+  return name[0] + "*".repeat(name.length - 2) + name[name.length - 1] + "@" + domain;
+}
+function maskPhone(phone) {
+  const digits = phone.replace(/\D/g, "");
+  if (digits.length <= 4) {
+    return phone;
+  }
+  return "*".repeat(digits.length - 4) + digits.slice(-4);
+}
+function maskCreditCard(card) {
+  return maskValue(card.replace(/\s/g, ""), {
+    visiblePercent: 0.25,
+    minVisible: 4
+  });
+}
+function maskToken(token) {
+  return maskValue(token, {
+    visiblePercent: 0.1,
+    minVisible: 4
+  });
+}
+var FIELD_MASKERS = /* @__PURE__ */ new Map([
+  ["password", maskPassword],
+  ["passwd", maskPassword],
+  ["pwd", maskPassword],
+  ["pass", maskToken],
+  ["email", maskEmail],
+  ["phone", maskPhone],
+  ["creditcard", maskCreditCard],
+  ["cvv", () => "***"],
+  // AWS
+  ["awsaccesskeyid", maskToken],
+  ["awssecretaccesskey", maskToken],
+  ["awsregion", maskToken],
+  ["smtpusername", maskToken],
+  ["smtppassword", maskToken],
+  ["sessmtpusername", maskToken],
+  ["sessmtppassword", maskToken],
+  // Security & Auth
+  ["clientid", maskToken],
+  ["clientsecret", maskToken],
+  ["jwtsecret", maskToken],
+  ["encryptionkey", maskToken],
+  ["sshkey", maskToken],
+  ["rsakey", maskToken],
+  ["masterkey", maskToken],
+  ["salt", maskToken],
+  ["encryptionpassword", maskPassword],
+  ["dbpassword", maskPassword],
+  ["dbpass", maskPassword],
+  ["connectionstring", maskToken],
+  ["connstr", maskToken],
+  ["ldapbindpassword", maskPassword],
+  ["stripekey", maskToken],
+  ["stripesecret", maskToken],
+  ["sendgridapikey", maskToken],
+  ["slackwebhookurl", maskToken],
+  ["ssn", maskToken],
+  ["socialsecuritynumber", maskToken],
+  ["nationalid", maskToken],
+  ["passportnumber", maskToken],
+  ["driverslicense", maskToken],
+  ["dob", maskToken],
+  ["dateofbirth", maskToken],
+  ["cardnumber", maskCreditCard],
+  ["cvc", () => "***"],
+  ["accountnumber", maskToken],
+  ["routingnumber", maskToken],
+  // Misc
+  ["username", maskToken],
+  ["userid", maskToken],
+  ["sessionid", maskToken],
+  ["ip", maskToken],
+  ["ipaddress", maskToken],
+  ["macaddress", maskToken],
+  ["jwt", maskToken],
+  ["token", maskToken],
+  ["accesstoken", maskToken],
+  ["refreshtoken", maskToken],
+  ["authorization", maskToken],
+  ["apikey", maskToken],
+  ["secret", maskToken],
+  ["cookie", maskToken],
+  ["privatekey", maskToken],
+  // Database connection strings
+  ["mongouri", maskToken],
+  ["redisuri", maskToken],
+  ["mysqluri", maskToken],
+  ["postgresqluri", maskToken],
+  ["pgsql", maskToken]
+]);
+var SENSITIVE_KEYWORDS = [
+  "password",
+  "passwd",
+  "pwd",
+  "pass",
+  "token",
+  "jwt",
+  "bearer",
+  "secret",
+  "apikey",
+  "accesskey",
+  "authorization",
+  "cookie",
+  "creditcard",
+  "cardnumber",
+  "cvv",
+  "cvc",
+  "otp",
+  "privatekey",
+  "clientsecret",
+  "clientid",
+  "accesstoken",
+  "refreshtoken",
+  "username",
+  "userid",
+  "sessionid",
+  "ipaddress",
+  "encryption",
+  "ssh",
+  "rsa",
+  "master",
+  "salt",
+  "connection",
+  "conn",
+  "ldap",
+  "stripe",
+  "sendgrid",
+  "slack",
+  "ssn",
+  "socialsecurity",
+  "national",
+  "passport",
+  "drivers",
+  "dob",
+  "birth",
+  "account",
+  "routing"
+];
+function isSensitiveKey(key) {
+  const normalized = normalizeKey(key);
+  return SENSITIVE_KEYWORDS.some(
+    (keyword) => normalized.includes(keyword)
+  );
+}
+function sanitize(value) {
+  if (value === null || value === void 0) {
+    return value;
+  }
+  if (Array.isArray(value)) {
+    return value.map(sanitize);
+  }
+  if (typeof value !== "object") {
+    return value;
+  }
+  const obj = value;
+  return Object.fromEntries(
+    Object.entries(obj).map(([key, value2]) => {
+      if (typeof value2 === "string") {
+        const normalized = normalizeKey(key);
+        const masker = FIELD_MASKERS.get(normalized);
+        if (masker) {
+          return [key, masker(value2)];
+        }
+        if (isSensitiveKey(normalized)) {
+          return [key, maskToken(value2)];
+        }
+        return [key, value2];
+      }
+      if (value2 && typeof value2 === "object") {
+        return [key, sanitize(value2)];
+      }
+      return [key, value2];
+    })
+  );
+}
+function safeLog(value) {
+  return sanitize(value);
+}
+export {
+  maskValue,
+  safeLog
+};

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "@datdm198x/safe-logger",
+  "version": "1.0.0",
+  "description": "Safe logger utility",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "test": "vitest run",
+    "build": "tsup src/index.ts --format cjs,esm --dts",
+    "prepare": "npm run build"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/dat-dao-c2c/safe-logger.git"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "type": "module",
+  "bugs": {
+    "url": "https://github.com/dat-dao-c2c/safe-logger/issues"
+  },
+  "homepage": "https://github.com/dat-dao-c2c/safe-logger#readme",
+  "dependencies": {
+    "tsup": "^8.5.1",
+    "typescript": "^6.0.3"
+  },
+  "devDependencies": {
+    "@types/node": "^26.0.1",
+    "vitest": "^4.1.9"
+  }
+}