npm - @geekmidas/logger - Versions diffs - 0.0.1 → 0.2.0 - Mend

@geekmidas/logger 0.0.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/README.md +114 -7
package/dist/console.cjs +75 -17
package/dist/console.cjs.map +1 -1
package/dist/console.d.cts +31 -7
package/dist/console.d.mts +31 -7
package/dist/console.mjs +76 -18
package/dist/console.mjs.map +1 -1
package/dist/index.d.cts +2 -2
package/dist/index.d.mts +2 -2
package/dist/pino.cjs +42 -1
package/dist/pino.cjs.map +1 -1
package/dist/pino.d.cts +23 -3
package/dist/pino.d.mts +23 -3
package/dist/pino.mjs +42 -2
package/dist/pino.mjs.map +1 -1
package/dist/redact-paths-Br-tI2GZ.d.cts +18 -0
package/dist/redact-paths-CIsuxHH7.d.mts +18 -0
package/dist/redact-paths-D0m0DIuQ.cjs +73 -0
package/dist/redact-paths-D0m0DIuQ.cjs.map +1 -0
package/dist/redact-paths-DQoIXhkS.mjs +67 -0
package/dist/redact-paths-DQoIXhkS.mjs.map +1 -0
package/dist/redact-paths.cjs +3 -0
package/dist/redact-paths.d.cts +2 -0
package/dist/redact-paths.d.mts +2 -0
package/dist/redact-paths.mjs +3 -0
package/dist/{types-C1RfRbo6.d.mts → types-Bga8WDuP.d.mts} +86 -2
package/dist/{types-DXdmn7h5.d.cts → types-JxCFymH0.d.cts} +86 -2
package/dist/types-ag_0Cvbg.cjs.map +1 -1
package/dist/types-yQ6XOihF.mjs.map +1 -1
package/dist/types.d.cts +2 -2
package/dist/types.d.mts +2 -2
package/package.json +10 -1
package/src/__tests__/console.spec.ts +277 -140
package/src/__tests__/pino-redaction.integration.spec.ts +307 -0
package/src/__tests__/pino.spec.ts +199 -0
package/src/console.ts +95 -23
package/src/index.ts +1 -0
package/src/pino.ts +105 -2
package/src/redact-paths.ts +71 -0
package/src/types.ts +87 -0

package/src/pino.ts CHANGED Viewed

@@ -1,7 +1,105 @@
+/**
+ * Pino logger with built-in redaction support for sensitive data.
+ *
+ * @example
+ * ```typescript
+ * import { createLogger, DEFAULT_REDACT_PATHS } from '@geekmidas/logger/pino';
+ *
+ * // Enable redaction with sensible defaults
+ * const logger = createLogger({ redact: true });
+ *
+ * // Sensitive data is automatically masked
+ * logger.info({ password: 'secret123', user: 'john' }, 'Login');
+ * // Output: { password: '[Redacted]', user: 'john' } Login
+ *
+ * // Add custom paths (merged with defaults)
+ * const logger2 = createLogger({ redact: ['user.ssn'] });
+ *
+ * // Override defaults for full control
+ * const logger3 = createLogger({
+ *   redact: {
+ *     paths: ['onlyThis'],
+ *     resolution: 'override',
+ *   }
+ * });
+ * ```
+ *
+ * @module
+ */
 import { pino } from 'pino';
-import type { CreateLoggerOptions } from './types';
+import { DEFAULT_REDACT_PATHS } from './redact-paths';
+import type { CreateLoggerOptions, RedactOptions } from './types';
-export function createLogger(options: CreateLoggerOptions) {
+// Re-export for backwards compatibility
+export { DEFAULT_REDACT_PATHS } from './redact-paths';
+/**
+ * Type for the resolved pino redact config (without our custom resolution field).
+ */
+type PinoRedactConfig =
+  | string[]
+  | {
+      paths: string[];
+      censor?: string | ((value: unknown, path: string[]) => unknown);
+      remove?: boolean;
+    };
+/**
+ * Resolves redaction configuration from options.
+ * Returns undefined if redaction is disabled, or a pino-compatible redact config.
+ *
+ * By default (resolution: 'merge'), custom paths are merged with DEFAULT_REDACT_PATHS.
+ * With resolution: 'override', only the custom paths are used.
+ */
+function resolveRedactConfig(
+  redact: boolean | RedactOptions | undefined,
+): PinoRedactConfig | undefined {
+  if (redact === undefined || redact === false) {
+    return undefined;
+  }
+  if (redact === true) {
+    return DEFAULT_REDACT_PATHS;
+  }
+  // Array syntax - merge with defaults
+  if (Array.isArray(redact)) {
+    return [...DEFAULT_REDACT_PATHS, ...redact];
+  }
+  // Object syntax - check resolution mode
+  const { resolution = 'merge', paths, censor, remove } = redact;
+  const resolvedPaths =
+    resolution === 'override' ? paths : [...DEFAULT_REDACT_PATHS, ...paths];
+  // Return clean pino config without our resolution field
+  const config: PinoRedactConfig = { paths: resolvedPaths };
+  if (censor !== undefined) config.censor = censor;
+  if (remove !== undefined) config.remove = remove;
+  return config;
+}
+/**
+ * Creates a pino logger instance with optional redaction support.
+ *
+ * @param options - Logger configuration options
+ * @returns A configured pino logger instance
+ *
+ * @example
+ * ```typescript
+ * // Basic logger
+ * const logger = createLogger({ level: 'debug' });
+ *
+ * // With redaction enabled
+ * const secureLogger = createLogger({ redact: true });
+ *
+ * // Pretty printing in development
+ * const devLogger = createLogger({ pretty: true, redact: true });
+ * ```
+ */
+export function createLogger(options: CreateLoggerOptions = {}) {
   // @ts-ignore
   const pretty = options?.pretty && process.NODE_ENV !== 'production';
   const baseOptions = pretty
@@ -12,8 +110,13 @@ export function createLogger(options: CreateLoggerOptions) {
         },
       }
     : {};
+  const redact = resolveRedactConfig(options.redact);
   return pino({
     ...baseOptions,
+    ...(options.level && { level: options.level }),
+    ...(redact && { redact }),
     formatters: {
       bindings() {
         return { nodeVersion: process.version };

package/src/redact-paths.ts ADDED Viewed

@@ -0,0 +1,71 @@
+/**
+ * Default sensitive field paths for redaction.
+ *
+ * These paths are automatically used when `redact: true` is set,
+ * and merged with custom paths unless `resolution: 'override'` is specified.
+ *
+ * Includes:
+ * - Authentication: password, token, apiKey, authorization, credentials
+ * - Headers: authorization, cookie, x-api-key, x-auth-token
+ * - Personal data: ssn, creditCard, cvv, pin
+ * - Secrets: secret, connectionString, databaseUrl
+ * - Wildcards: *.password, *.secret, *.token (catches nested fields)
+ */
+export const DEFAULT_REDACT_PATHS: string[] = [
+  // Authentication & authorization
+  'password',
+  'pass',
+  'passwd',
+  'secret',
+  'token',
+  'accessToken',
+  'refreshToken',
+  'idToken',
+  'apiKey',
+  'api_key',
+  'apikey',
+  'auth',
+  'authorization',
+  'credential',
+  'credentials',
+  // Common nested patterns (headers, body, etc.)
+  '*.password',
+  '*.secret',
+  '*.token',
+  '*.apiKey',
+  '*.api_key',
+  '*.authorization',
+  '*.accessToken',
+  '*.refreshToken',
+  // HTTP headers (case variations)
+  'headers.authorization',
+  'headers.Authorization',
+  'headers["authorization"]',
+  'headers["Authorization"]',
+  'headers.cookie',
+  'headers.Cookie',
+  'headers["x-api-key"]',
+  'headers["X-Api-Key"]',
+  'headers["x-auth-token"]',
+  'headers["X-Auth-Token"]',
+  // Common sensitive data fields
+  'ssn',
+  'socialSecurityNumber',
+  'social_security_number',
+  'creditCard',
+  'credit_card',
+  'cardNumber',
+  'card_number',
+  'cvv',
+  'cvc',
+  'pin',
+  // Database & connection strings
+  'connectionString',
+  'connection_string',
+  'databaseUrl',
+  'database_url',
+];

package/src/types.ts CHANGED Viewed

@@ -74,7 +74,94 @@ export enum LogLevel {
   Silent = 'silent',
 }
+/**
+ * Redaction configuration for masking sensitive data in logs.
+ * Uses pino's fast-redact library under the hood.
+ *
+ * By default, custom paths are merged with the default sensitive paths.
+ * Use `resolution: 'override'` to use only your custom paths.
+ *
+ * @example
+ * ```typescript
+ * // Simple path array (merges with defaults)
+ * redact: ['user.ssn', 'custom.field']
+ *
+ * // Override defaults completely
+ * redact: {
+ *   paths: ['only.these.paths'],
+ *   resolution: 'override',
+ * }
+ *
+ * // With custom censor
+ * redact: {
+ *   paths: ['extra.secret'],
+ *   censor: '***',
+ * }
+ *
+ * // Remove fields entirely
+ * redact: {
+ *   paths: ['temporary.data'],
+ *   remove: true,
+ * }
+ * ```
+ */
+export type RedactOptions =
+  | string[]
+  | {
+      /** Paths to redact using dot notation or bracket notation for special chars */
+      paths: string[];
+      /** Custom replacement text (default: '[REDACTED]') */
+      censor?: string | ((value: unknown, path: string[]) => unknown);
+      /** Remove the field entirely instead of replacing (default: false) */
+      remove?: boolean;
+      /**
+       * How to combine custom paths with default sensitive paths.
+       * - 'merge': Custom paths are added to default paths (default)
+       * - 'override': Only custom paths are used, defaults are ignored
+       */
+      resolution?: 'merge' | 'override';
+    };
 export type CreateLoggerOptions = {
+  /** Enable pretty printing with colors (disabled in production) */
   pretty?: boolean;
+  /** Minimum log level to output */
   level?: LogLevel;
+  /**
+   * Redaction configuration for masking sensitive data.
+   *
+   * - `true`: Uses default sensitive paths (password, token, secret, etc.)
+   * - `false` or `undefined`: No redaction applied
+   * - `string[]`: Custom paths merged with defaults
+   * - `object`: Advanced config with paths, censor, remove, and resolution options
+   *
+   * By default, custom paths are **merged** with the default sensitive paths.
+   * Use `resolution: 'override'` to disable defaults and use only your paths.
+   *
+   * @example
+   * ```typescript
+   * // Use defaults only
+   * createLogger({ redact: true });
+   *
+   * // Add custom paths (merged with defaults)
+   * createLogger({ redact: ['user.ssn', 'custom.field'] });
+   *
+   * // Override defaults completely
+   * createLogger({
+   *   redact: {
+   *     paths: ['only.these.paths'],
+   *     resolution: 'override',
+   *   }
+   * });
+   *
+   * // Merge with custom censor
+   * createLogger({
+   *   redact: {
+   *     paths: ['extra.secret'],
+   *     censor: '***',
+   *   }
+   * });
+   * ```
+   */
+  redact?: boolean | RedactOptions;
 };