@hackylabs/deep-redact 1.0.0 → 2.0.0

package/README.md

@@ -1,12 +1,12 @@
 # Deep Redact
 
-Faster than fast-redact <sup>1</sup> as well as being safer and more configurable than many other redaction libraries,
+Faster than Fast Redact <sup>1</sup> as well as being safer and more configurable than many other redaction libraries,
 Deep Redact is a zero-dependency tool that redacts sensitive information from strings and objects. It is designed to be
 used in a production environment where sensitive information needs to be redacted from logs, error messages, files,
 and other outputs.
 
-Circular references and other unsupported are handled gracefully, and the library is designed to be as fast as possible
-while still being configurable.
+Circular references and other unsupported values are handled gracefully, and the library is designed to be as fast as
+possible while still being configurable.
 
 Supporting both CommonJS and ESM, with named and default exports, Deep Redact is designed to be versatile and easy to
 use in any modern JavaScript or TypeScript project in Node or the browser.
@@ -24,25 +24,33 @@ library outside of your global logging/error-reporting libraries.</h4>
 
 ```typescript
 // ./src/example.ts
-import {DeepRedact} from 'deep-redact'; // If you're using CommonJS, import with require('deep-redact') instead. Both CommonJS and ESM support named and default imports.
+import {DeepRedact} from '@hackylabs/deep-redact'; // If you're using CommonJS, import with require('@hackylabs/deep-redact') instead. Both CommonJS and ESM support named and default imports.
 
 const redaction = new DeepRedact({
-  replacement: '*',
-  replaceStringByLength: true,
-  blacklistedKeys: ['password'],
-  stringTests: [
-    /^[\d]{13,16}$/, // payment card number
-    /^[\d]{3,4}$/ // CVV
-  ],
-});
+  blacklistedKeys: ['sensitive', 'password', /name/i],
+  serialise: false,
+})
 
 const obj = {
-  password: '<h1><strong>Password</strong></h1>',
-  cardNumber: '1234567812345678',
-  cvv: '123',
-};
-
-redaction.redact(obj) // { password: '**********************************', cardNumber: '****************', cvv: '***' }
+  keepThis: 'This is fine',
+  sensitive: 'This is not fine',
+  user: {
+    id: 1,
+    password: '<h1><strong>Password</strong></h1>',
+    firstName: 'John',
+  }
+}
+
+redaction.redact(obj)
+// {
+//  keepThis: 'This is fine',
+//  sensitive: '[REDACTED]',
+//  user: {
+//    id: 1,
+//    password: '[REDACTED]',
+//    firstName: '[REDACTED]'
+//  }
+// }
 ```
 
 ## Configuration
@@ -51,17 +59,17 @@ redaction.redact(obj) // { password: '**********************************', cardN
 
 | key | description | type | options | default | required |
 | --- | --- | --- | --- | --- | --- |
-| blacklistedKeys | Deeply compare names of these keys against the keys in your object. | array | Array<string￨BlacklistKeyConfig> | [] | N |
+| blacklistedKeys | Deeply compare names of these keys against the keys in your object. | array | Array<string￨RegExp￨BlacklistKeyConfig> | [] | N |
 | stringTests | Array of regular expressions to perform against string values, whether that value is a flat string or nested within an object. | array | RegExp[] | [] | N |
 | fuzzyKeyMatch | Loosely compare key names by checking if the key name of your unredacted object is included anywhere within the name of your blacklisted key. For example, is "pass" (your key) included in "password" (from config). | boolean |  | false | N |
 | caseSensitiveKeyMatch | Loosely compare key names by normalising the strings. This involves removing non-word characters and transforms the string to lowercase. This means you never have to worry having to list duplicate keys in different formats such as snake_case, camelCase, PascalCase or any other case. | boolean |  | true | N |
 | remove | Determines whether or not to remove the key from the object when it is redacted. | boolean |  | false | N |
 | retainStructure | Determines whether or not keep all nested values of a key that is going to be redacted. Circular references are always removed. | boolean |  | false | N |
-| replacement | When a value is going to be redacted, what would you like to replace it with? | string |  | [REDACTED] | N |
+| replacement | When a value is going to be redacted, what would you like to replace it with? | string ￨ function |  | [REDACTED] | N |
 | replaceStringByLength | When a string value is going to be replaced, optionally replace it by repeating the `replacement` to match the length of the value. For example, if `replaceStringByLength` were set to `true` and `replacement` was set to "x", then redacting "secret" would return "xxxxxx". This is sometimes useful for debugging purposes, although it may be less secure as it could give hints to the original value. | boolean |  | false | N |
-| types | JS types (values of `typeof` keyword). Only values with a typeof equal to `string`, `number`, `bigint`, `boolean` or `object` may be redacted. The other types are only listed as options to keep TypeScript happy, so you never need to list them. | array | Array<'string'￨'number'￨'bigint'￨'boolean'￨'symbol'￨'undefined'￨'object'￨'function'> | ['string'] | N |
-| serialise | Determines whether or not to serialise the object after redacting. Typical use cases for this are when you want to send it over the network or save to a file, both of which are common use cases for redacting sensitive information. | boolean |  | true | N |
-| unsupportedTransformer | When an unsafe value is encountered or a value that cannot be serialised. By default, this function will transform an unsupported value `Unsupported` object. BigInt values are converted a string. Dates are returned using their own `toISOString` method. Regular expressions are returned as objects with their `source` and `flags` values. Errors are converted objects. This is useful when you have a custom class that you would like to redact. For safety reasons, you should always transform a BigInt to avoid JSON.stringify throwing an error. | (value: unknown) => unknown |  | DeepRedact.transformUnsupported | N |
+| types | JS types (values of `typeof` keyword). Only values with a typeof equal to `string`, `number`, `bigint`, `boolean`, `symbol`, `object`, or `function` will be redacted. Undefined values will never be redacted, although the type `undefined` is included in this list to keep TypeScript happy. | array | Array<'string'￨'number'￨'bigint'￨'boolean'￨'symbol'￨'undefined'￨'object'￨'function'> | ['string'] | N |
+| serialise | Determines whether or not to serialise the object after redacting. Typical use cases for this are when you want to send it over the network or save to a file, both of which are common use cases for redacting sensitive information. | boolean |  | false | N |
+| serialize | Alias of `serialise` for International-English users. | boolean |  | false | N |
 
 ### BlacklistKeyConfig
 
@@ -74,34 +82,31 @@ redaction.redact(obj) // { password: '**********************************', cardN
 | retainStructure | boolean | Main options `retainStructure` | N |
 
 ### Benchmark
-Comparisons are made against JSON.stringify and fast-redact as well as different configurations of deep-redact, using
-[this test object](./test/setup/dummyUser.ts). The benchmark is run on a 2021 iMac with an M1 chip with 16GB memory
-running Sonoma 14.5.
+Comparisons are made against JSON.stringify and Fast Redact as well as different configurations of Deep Redact, using
+[this test object](./test/setup/dummyUser.ts). Fast Redact was configured to redact the same keys on the same object as
+Deep Redact without using wildcards.
+
+The benchmark is run on a 2021 iMac with an M1 chip with 16GB memory running Sonoma 14.5.
 
 JSON.stringify is included as a benchmark because it is the fastest way to deeply iterate over an object although it
 doesn't redact any sensitive information. Fast-redact is included as a benchmark because it's the next fastest redaction
-library available. Neither JSON.stringify nor fast-redact offer the same level of configurability as deep-redact.
+library available. Neither JSON.stringify nor Fast Redact offer the same level of configurability as deep-redact.
 
 ![Benchmark](./benchmark.png)
 
 | scenario | ops / sec | op duration (ms) | margin of error | sample count |
 | --- | --- | --- | --- | --- |
-| JSON.stringify, tiny object | 3878848.93 | 0.0002578084 | 0 | 1939425 |
-| DeepRedact, default config, tiny object | 1530332.28 | 0.0006534529 | 0.00001 | 765167 |
-| JSON.stringify, large object | 295526.11 | 0.0033837958 | 0.00001 | 147764 |
-| fast redact, tiny object | 228053.93 | 0.0043849277 | 0.00002 | 114027 |
-| DeepRedact, default config, large object | 92714.28 | 0.0107858256 | 0.00006 | 46358 |
-| DeepRedact, remove item, single object | 92349.45 | 0.0108284349 | 0.00005 | 46175 |
-| DeepRedact, fuzzy matching, single object | 89414.82 | 0.0111838282 | 0.00007 | 44708 |
-| DeepRedact, fuzzy and case insensitive matching, single object | 87852.36 | 0.0113827334 | 0.00006 | 43927 |
-| DeepRedact, case insensitive matching, single object | 86797.23 | 0.0115211045 | 0.00006 | 43399 |
-| DeepRedact, replace string by length, single object | 84150.95 | 0.011883407 | 0.00006 | 42076 |
-| DeepRedact, config per key, single object | 71236.85 | 0.0140376786 | 0.00009 | 35619 |
-| DeepRedact, retain structure, single object | 69738.86 | 0.0143392076 | 0.00007 | 34870 |
-| fast redact, large object | 19480.95 | 0.0513321865 | 0.00038 | 9741 |
-| JSON.stringify, 1000 tiny objects | 16003.16 | 0.0624876526 | 0.00017 | 8002 |
-| DeepRedact, default config, 1000 tiny objects | 15827.22 | 0.0631822932 | 0.00043 | 7914 |
-| DeepRedact, default config, 1000 large objects | 13705.52 | 0.072963285 | 0.00054 | 6853 |
-| fast redact, 1000 tiny objects | 7430.88 | 0.1345735164 | 0.00067 | 3716 |
-| JSON.stringify, 1000 large objects | 423.52 | 2.3611880519 | 0.00982 | 212 |
-| fast redact, 1000 large objects | 77.32 | 12.9327971026 | 0.25939 | 39 |
+| JSON.stringify, large object | 295500.62 | 0.0033840876 | 0.00002 | 147751 |
+| DeepRedact, remove item, single object | 36272.4 | 0.0275691709 | 0.00016 | 18137 |
+| DeepRedact, custom replacer function, single object | 30314.59 | 0.0329874115 | 0.00028 | 15158 |
+| DeepRedact, default config, large object | 30028.19 | 0.0333020395 | 0.0002 | 15015 |
+| DeepRedact, replace string by length, single object | 28756.9 | 0.0347742688 | 0.00028 | 14379 |
+| DeepRedact, retain structure, single object | 24803.01 | 0.0403176903 | 0.00032 | 12402 |
+| DeepRedact, fuzzy matching, single object | 22243.3 | 0.0449573621 | 0.00038 | 11122 |
+| DeepRedact, config per key, single object | 21603.85 | 0.0462880355 | 0.0013 | 10802 |
+| fast redact, large object | 9529.2 | 0.1049406557 | 0.00064 | 4765 |
+| DeepRedact, case insensitive matching, single object | 6503.72 | 0.1537581959 | 0.00105 | 3252 |
+| DeepRedact, default config, 1000 large objects | 5915.05 | 0.1690602382 | 0.00296 | 2958 |
+| DeepRedact, fuzzy and case insensitive matching, single object | 5591.96 | 0.1788283015 | 0.00184 | 2796 |
+| JSON.stringify, 1000 large objects | 394.41 | 2.5354059248 | 0.01001 | 198 |
+| fast redact, 1000 large objects | 172.23 | 5.8060829174 | 0.06886 | 87 |

package/dist/cjs/index.js

@@ -1,129 +1,152 @@
 "use strict";
+var __rest = (this && this.__rest) || function (s, e) {
+    var t = {};
+    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
+        t[p] = s[p];
+    if (s != null && typeof Object.getOwnPropertySymbols === "function")
+        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
+            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
+                t[p[i]] = s[p[i]];
+        }
+    return t;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DeepRedact = exports.default = void 0;
-const normaliseString = (key) => key.toLowerCase().replace(/\W/g, '');
+const redactorUtils_1 = __importDefault(require("./utils/redactorUtils"));
 class DeepRedact {
+    /**
+     * Create a new DeepRedact instance with the provided configuration.
+     * The configuration will be merged with the default configuration.
+     * `blacklistedKeys` will be normalised to an array inherited from the default configuration as the default values.
+     * @param {DeepRedactConfig} config. The configuration for the redaction.
+     */
     constructor(config) {
-        var _a, _b;
-        this.circularReference = new WeakSet();
+        /**
+         * A WeakSet to store circular references during redaction. Reset to null after redaction is complete.
+         * @private
+         */
+        this.circularReference = null;
+        /**
+         * The configuration for the redaction.
+         * @private
+         */
         this.config = {
-            blacklistedKeys: [],
-            stringTests: [],
-            fuzzyKeyMatch: false,
-            caseSensitiveKeyMatch: true,
-            retainStructure: false,
-            remove: false,
-            replaceStringByLength: false,
-            replacement: '[REDACTED]',
-            types: ['string'],
-            serialise: true,
-            unsupportedTransformer: DeepRedact.unsupportedTransformer,
+            serialise: false,
         };
-        this.removeCircular = (value) => {
-            var _a, _b;
-            if (!(value instanceof Object))
-                return value;
-            if (!((_a = this.circularReference) === null || _a === void 0 ? void 0 : _a.has(value))) {
-                (_b = this.circularReference) === null || _b === void 0 ? void 0 : _b.add(value);
+        /**
+         * A transformer for unsupported data types. If `serialise` is false, the value will be returned as is,
+         * otherwise it will transform the value into a format that is supported by JSON.stringify.
+         *
+         * Error, RegExp, and Date instances are technically supported by JSON.stringify,
+         * but they returned as empty objects, therefore they are also transformed here.
+         * @protected
+         * @param {unknown} value The value that is not supported by JSON.stringify.
+         * @returns {unknown} The value in a format that is supported by JSON.stringify.
+         */
+        this.unsupportedTransformer = (value) => {
+            if (!this.config.serialise)
                 return value;
+            if (typeof value === 'bigint') {
+                return {
+                    __unsupported: {
+                        type: 'bigint',
+                        value: value.toString(),
+                        radix: 10,
+                    },
+                };
             }
-            return '__circular__';
-        };
-        this.redactString = (value, parentShouldRedact = false) => {
-            if (!this.config.stringTests.some((test) => test.test(value)) && !parentShouldRedact)
-                return value;
-            if (this.config.replaceStringByLength)
-                return this.config.replacement.repeat(value.length);
-            return this.config.remove ? undefined : this.config.replacement;
-        };
-        this.shouldRedactObjectValue = (key) => {
-            return this.config.blacklistedKeys.some((redactableKey) => (typeof redactableKey === 'string'
-                ? key === redactableKey
-                : DeepRedact.complexShouldRedact(key, redactableKey)));
-        };
-        this.deepRedact = (value, parentShouldRedact = false) => {
-            if (value === undefined || value === null)
-                return value;
-            let safeValue = this.removeCircular(value);
-            safeValue = this.config.unsupportedTransformer(safeValue);
-            if (!(safeValue instanceof Object)) {
-                // @ts-expect-error - we already know that safeValue is not a function, symbol, undefined, null, or an object
-                if (!this.config.types.includes(typeof safeValue))
-                    return safeValue;
-                if (typeof safeValue === 'string')
-                    return this.redactString(safeValue, parentShouldRedact);
-                if (!parentShouldRedact)
-                    return safeValue;
-                return this.config.remove
-                    ? undefined
-                    : this.config.replacement;
+            if (value instanceof Error) {
+                return {
+                    __unsupported: {
+                        type: 'error',
+                        name: value.name,
+                        message: value.message,
+                        stack: value.stack,
+                    },
+                };
             }
-            if (parentShouldRedact && (!this.config.retainStructure || this.config.remove)) {
-                return this.config.remove ? undefined : this.config.replacement;
+            if (value instanceof RegExp) {
+                return {
+                    __unsupported: {
+                        type: 'regexp',
+                        source: value.source,
+                        flags: value.flags,
+                    },
+                };
+            }
+            if (value instanceof Date)
+                return value.toISOString();
+            return value;
+        };
+        /**
+         * Calls `unsupportedTransformer` on the provided value and rewrites any circular references.
+         *
+         * Circular references will always be removed to avoid infinite recursion.
+         * When a circular reference is found, the value will be replaced with `[[CIRCULAR_REFERENCE: path.to.original.value]]`.
+         * @protected
+         * @param {unknown} value The value to rewrite.
+         * @param {string | undefined} path The path to the value in the object.
+         * @returns {unknown} The rewritten value.
+         */
+        this.rewriteUnsupported = (value, path) => {
+            const safeValue = this.unsupportedTransformer(value);
+            if (!(safeValue instanceof Object))
+                return safeValue;
+            if (this.circularReference === null)
+                this.circularReference = new WeakSet();
+            if (Array.isArray(safeValue)) {
+                return safeValue.map((val, index) => {
+                    var _a, _b;
+                    const newPath = path ? `${path}.[${index}]` : `[${index}]`;
+                    if ((_a = this.circularReference) === null || _a === void 0 ? void 0 : _a.has(val))
+                        return `[[CIRCULAR_REFERENCE: ${newPath}]]`;
+                    if (val instanceof Object) {
+                        (_b = this.circularReference) === null || _b === void 0 ? void 0 : _b.add(val);
+                        return this.rewriteUnsupported(val, newPath);
+                    }
+                    return val;
+                });
             }
-            if (Array.isArray(safeValue))
-                return safeValue.map((val) => this.deepRedact(val, parentShouldRedact));
             return Object.fromEntries(Object.entries(safeValue).map(([key, val]) => {
-                const shouldRedact = parentShouldRedact || this.shouldRedactObjectValue(key);
-                return [key, this.deepRedact(val, shouldRedact)];
+                var _a, _b;
+                const newPath = path ? `${path}.${key}` : key;
+                if ((_a = this.circularReference) === null || _a === void 0 ? void 0 : _a.has(val))
+                    return [key, `[[CIRCULAR_REFERENCE: ${newPath}]]`];
+                if (val instanceof Object)
+                    (_b = this.circularReference) === null || _b === void 0 ? void 0 : _b.add(val);
+                return [key, this.rewriteUnsupported(val, path ? `${path}.${key}` : key)];
             }));
         };
-        this.redact = (value) => {
-            this.circularReference = new WeakSet();
-            const redacted = this.deepRedact(value);
+        /**
+         * Depending on the value of `serialise`, return the value as a JSON string or as the provided value.
+         *
+         * Also resets the `circularReference` property to null after redaction is complete.
+         * This is to ensure that the WeakSet doesn't cause memory leaks.
+         * @private
+         * @param value
+         */
+        this.maybeSerialise = (value) => {
             this.circularReference = null;
-            return this.config.serialise ? JSON.stringify(redacted) : redacted;
+            return this.config.serialise ? JSON.stringify(value) : value;
         };
-        this.config = Object.assign(Object.assign(Object.assign({}, this.config), config), { blacklistedKeys: (_b = (_a = config.blacklistedKeys) === null || _a === void 0 ? void 0 : _a.map((key) => {
-                if (typeof key === 'string')
-                    return key;
-                return Object.assign({ fuzzyKeyMatch: this.config.fuzzyKeyMatch, caseSensitiveKeyMatch: this.config.caseSensitiveKeyMatch, retainStructure: this.config.retainStructure, remove: this.config.remove }, key);
-            })) !== null && _b !== void 0 ? _b : [] });
+        /**
+         * Redact the provided value. The value will be stripped of any circular references and other unsupported data types, before being redacted according to the configuration and finally serialised if required.
+         * @param {unknown} value The value to redact.
+         * @returns {unknown} The redacted value.
+         */
+        this.redact = (value) => {
+            return this.maybeSerialise(this.redactorUtils.recurse(this.rewriteUnsupported(value)));
+        };
+        const { serialise, serialize } = config, rest = __rest(config, ["serialise", "serialize"]);
+        this.redactorUtils = new redactorUtils_1.default(rest);
+        if (serialise !== undefined)
+            this.config.serialise = serialise;
+        if (serialize !== undefined)
+            this.config.serialise = serialize;
     }
 }
 exports.default = DeepRedact;
 exports.DeepRedact = DeepRedact;
-DeepRedact.unsupportedTransformer = (value) => {
-    if (typeof value === 'bigint') {
-        return {
-            __unsupported: {
-                type: 'bigint',
-                value: value.toString(),
-                radix: 10,
-            },
-        };
-    }
-    if (value instanceof Error) {
-        return {
-            __unsupported: {
-                type: 'error',
-                name: value.name,
-                message: value.message,
-                stack: value.stack,
-            },
-        };
-    }
-    if (value instanceof RegExp) {
-        return {
-            __unsupported: {
-                type: 'regexp',
-                source: value.source,
-                flags: value.flags,
-            },
-        };
-    }
-    if (value instanceof Date)
-        return value.toISOString();
-    return value;
-};
-DeepRedact.complexShouldRedact = (key, config) => {
-    if (config.key instanceof RegExp)
-        return config.key.test(key);
-    if (config.fuzzyKeyMatch && config.caseSensitiveKeyMatch)
-        return key.includes(config.key);
-    if (config.fuzzyKeyMatch && !config.caseSensitiveKeyMatch)
-        return normaliseString(key).includes(normaliseString(config.key));
-    if (!config.fuzzyKeyMatch && config.caseSensitiveKeyMatch)
-        return key === config.key;
-    return normaliseString(config.key) === normaliseString(key);
-};

package/dist/cjs/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/cjs/utils/redactorUtils.js

@@ -0,0 +1,219 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const defaultConfig = {
+    stringTests: [],
+    blacklistedKeys: [],
+    blacklistedKeysTransformed: [],
+    fuzzyKeyMatch: false,
+    caseSensitiveKeyMatch: true,
+    retainStructure: false,
+    remove: false,
+    replaceStringByLength: false,
+    replacement: '[REDACTED]',
+    types: ['string'],
+};
+class RedactorUtils {
+    constructor(customConfig) {
+        var _a, _b, _c;
+        /**
+         * The configuration for the redaction.
+         * @private
+         */
+        this.config = defaultConfig;
+        /**
+         * Get the configuration for an object key. This will check the key against the transformed blacklisted keys.
+         * @private
+         * @param {string} key The key of the configuration to get.
+         * @returns {Required<BlacklistKeyConfig> | undefined} The configuration for the key.
+         */
+        this.getBlacklistedKeyConfig = (key) => {
+            var _a;
+            if (!key)
+                return undefined;
+            return (_a = this.config.blacklistedKeysTransformed) === null || _a === void 0 ? void 0 : _a.find((redactableKey) => {
+                return RedactorUtils.complexKeyMatch(key, redactableKey);
+            });
+        };
+        /**
+         * Get the recursion configuration for a key. This will check the key against the transformed blacklisted keys.
+         * If the key is found, the configuration for the key will be returned, otherwise undefined.
+         * @private
+         * @param {string} key The key of the configuration to get.
+         * @returns {Required<Pick<BlacklistKeyConfig, 'remove' | 'replacement' | 'retainStructure'>>} The configuration for the key.
+         */
+        this.getRecursionConfig = (key) => {
+            const fallback = {
+                remove: this.config.remove,
+                replacement: this.config.replacement,
+                retainStructure: this.config.retainStructure,
+            };
+            if (!key)
+                return fallback;
+            const blacklistedKeyConfig = this.getBlacklistedKeyConfig(key);
+            if (!blacklistedKeyConfig)
+                return fallback;
+            return {
+                remove: blacklistedKeyConfig.remove,
+                replacement: blacklistedKeyConfig.replacement,
+                retainStructure: blacklistedKeyConfig.retainStructure,
+            };
+        };
+        /**
+         * Determine if a key should be redacted. This will check the key against the blacklisted keys, using the default configuration.
+         * @private
+         * @param {string} key The key to check.
+         * @returns {boolean} Whether the key should be redacted.
+         */
+        this.shouldRedactObjectValue = (key) => {
+            if (!key)
+                return false;
+            return this.config.blacklistedKeysTransformed.some((redactableKey) => {
+                return RedactorUtils.complexKeyMatch(key, redactableKey);
+            });
+        };
+        /**
+         * Redact a string. This will redact the string based on the configuration, redacting the string if it matches a pattern or if the parent key should be redacted.
+         * @private
+         * @param value
+         * @param replacement
+         * @param remove
+         * @param shouldRedact
+         */
+        this.redactString = (value, replacement, remove, shouldRedact) => {
+            if (!value)
+                return value;
+            const { stringTests } = this.config;
+            if (!shouldRedact && !(stringTests === null || stringTests === void 0 ? void 0 : stringTests.some((pattern) => pattern.test(value))))
+                return value;
+            if (remove)
+                return undefined;
+            if (typeof replacement === 'function')
+                return replacement(value);
+            if (this.config.replaceStringByLength)
+                return replacement.repeat(value.length);
+            return replacement;
+        };
+        /**
+         * Redact a primitive value. This will redact the value if it is a supported type, not an object or array, otherwise it will return the value unchanged.
+         * @private
+         * @param {unknown} value The value to redact.
+         * @param {Transformer | string} replacement The replacement value for redacted data.
+         * @param {boolean} remove Whether the redacted data should be removed.
+         * @param {boolean} shouldRedact Whether the value should be redacted based on the parent key.
+         * @returns {unknown} The redacted value.
+         */
+        this.redactPrimitive = (value, replacement, remove, shouldRedact) => {
+            if (!this.config.types.includes(typeof value))
+                return value;
+            if (remove && shouldRedact && typeof value !== 'string')
+                return undefined;
+            if (typeof value === 'string')
+                return this.redactString(value, replacement, remove, shouldRedact);
+            if (!shouldRedact)
+                return value;
+            if (typeof replacement === 'function')
+                return replacement(value);
+            return replacement;
+        };
+        /**
+         * Redact an array. This will redact each value in the array using the `recurse` method.
+         * @private
+         * @param {unknown[]} value The array to redact.
+         * @returns {unknown[]} The redacted array.
+         */
+        this.redactArray = (value) => value.map((val) => this.recurse(val));
+        /**
+         * Redact an object. This will recursively redact the object based on the configuration, redacting the keys and values as required.
+         * @param {Object} value The object to redact.
+         * @param {string | null} key The key of the object if it is part of another object.
+         * @param {boolean} parentShouldRedact Whether the item should be redacted based on the key within the parent object.
+         */
+        this.redactObject = (value, key, parentShouldRedact) => {
+            return Object.fromEntries(Object.entries(value).map(([prop, val]) => {
+                const shouldRedact = parentShouldRedact || this.shouldRedactObjectValue(prop);
+                if (shouldRedact) {
+                    const { remove } = this.getRecursionConfig(prop);
+                    if (remove)
+                        return [];
+                }
+                return [prop, this.recurse(val, key !== null && key !== void 0 ? key : prop, shouldRedact)];
+            }).filter(([prop]) => prop !== undefined));
+        };
+        /**
+         * Redact a value. If the value is an object or array, the redaction will be performed recursively, otherwise the value will be redacted if it is a supported type using the `replace` method.
+         * @private
+         * @param {unknown} value The value to redact.
+         * @param {string | null} key The key of the value if it is part of an object.
+         * @param {boolean} parentShouldRedact Whether the parent object should be redacted.
+         * @returns {unknown} The redacted value.
+         */
+        this.recurse = (value, key, parentShouldRedact) => {
+            if (value === null)
+                return value;
+            const { remove, replacement, retainStructure } = this.getRecursionConfig(key);
+            if (!(value instanceof Object))
+                return this.redactPrimitive(value, replacement, remove, Boolean(key && parentShouldRedact));
+            if (parentShouldRedact) {
+                if (!retainStructure) {
+                    return typeof replacement === 'function'
+                        ? replacement(value)
+                        : replacement;
+                }
+            }
+            if (Array.isArray(value))
+                return this.redactArray(value);
+            return this.redactObject(value, key, parentShouldRedact);
+        };
+        this.config = Object.assign(Object.assign(Object.assign({}, defaultConfig), customConfig), { blacklistedKeys: (_a = customConfig.blacklistedKeys) !== null && _a !== void 0 ? _a : [], blacklistedKeysTransformed: (_c = (_b = customConfig.blacklistedKeys) === null || _b === void 0 ? void 0 : _b.map((key) => {
+                var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
+                const isObject = !(typeof key === 'string' || key instanceof RegExp);
+                const setKey = isObject ? key.key : key;
+                const fallback = {
+                    fuzzyKeyMatch: (_a = customConfig.fuzzyKeyMatch) !== null && _a !== void 0 ? _a : defaultConfig.fuzzyKeyMatch,
+                    caseSensitiveKeyMatch: (_b = customConfig.caseSensitiveKeyMatch) !== null && _b !== void 0 ? _b : defaultConfig.caseSensitiveKeyMatch,
+                    retainStructure: (_c = customConfig.retainStructure) !== null && _c !== void 0 ? _c : defaultConfig.retainStructure,
+                    replacement: (_d = customConfig.replacement) !== null && _d !== void 0 ? _d : defaultConfig.replacement,
+                    remove: (_e = customConfig.remove) !== null && _e !== void 0 ? _e : defaultConfig.remove,
+                    key: setKey,
+                };
+                if (isObject) {
+                    return {
+                        fuzzyKeyMatch: (_f = key.fuzzyKeyMatch) !== null && _f !== void 0 ? _f : fallback.fuzzyKeyMatch,
+                        caseSensitiveKeyMatch: (_g = key.caseSensitiveKeyMatch) !== null && _g !== void 0 ? _g : fallback.caseSensitiveKeyMatch,
+                        retainStructure: (_h = key.retainStructure) !== null && _h !== void 0 ? _h : fallback.retainStructure,
+                        replacement: (_j = key.replacement) !== null && _j !== void 0 ? _j : fallback.replacement,
+                        remove: (_k = key.remove) !== null && _k !== void 0 ? _k : fallback.remove,
+                        key: setKey,
+                    };
+                }
+                return fallback;
+            })) !== null && _c !== void 0 ? _c : [] });
+    }
+}
+/**
+ * Normalise a string for comparison. This will convert the string to lowercase and remove any non-word characters.
+ * @private
+ * @param str The string to normalise.
+ * @returns {string} The normalised string.
+ */
+RedactorUtils.normaliseString = (str) => str.toLowerCase().replace(/\W/g, '');
+/**
+ * Determine if a key matches a given blacklistedKeyConfig. This will check the key against the blacklisted keys,
+ * using the configuration option for the given key falling back to the default configuration.
+ * @private
+ * @param {string} key The key to check.
+ * @param {BlacklistKeyConfig} blacklistKeyConfig The configuration for the key.
+ * @returns {boolean} Whether the key should be redacted.
+ */
+RedactorUtils.complexKeyMatch = (key, blacklistKeyConfig) => {
+    if (blacklistKeyConfig.key instanceof RegExp)
+        return blacklistKeyConfig.key.test(key);
+    if (blacklistKeyConfig.fuzzyKeyMatch && blacklistKeyConfig.caseSensitiveKeyMatch)
+        return key.includes(blacklistKeyConfig.key);
+    if (blacklistKeyConfig.fuzzyKeyMatch && !blacklistKeyConfig.caseSensitiveKeyMatch)
+        return RedactorUtils.normaliseString(key).includes(RedactorUtils.normaliseString(blacklistKeyConfig.key));
+    if (!blacklistKeyConfig.fuzzyKeyMatch && blacklistKeyConfig.caseSensitiveKeyMatch)
+        return key === blacklistKeyConfig.key;
+    return RedactorUtils.normaliseString(blacklistKeyConfig.key) === RedactorUtils.normaliseString(key);
+};
+exports.default = RedactorUtils;