@hackylabs/deep-redact 2.1.0 → 2.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +1 -1
- package/README.md +50 -22
- package/dist/cjs/index.js +14 -4
- package/dist/cjs/utils/redactorUtils.js +25 -13
- package/dist/esm/index.mjs +14 -4
- package/dist/esm/utils/redactorUtils.mjs +23 -10
- package/dist/types/index.d.ts +3 -0
- package/dist/types/types.d.ts +18 -4
- package/dist/types/utils/redactorUtils.d.ts +1 -0
- package/package.json +1 -1
package/LICENSE
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
MIT License
|
|
2
2
|
|
|
3
|
-
Copyright (c)
|
|
3
|
+
Copyright (c) 2025 Benjamin Green (https://bengreen.dev)
|
|
4
4
|
|
|
5
5
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
6
|
of this software and associated documentation files (the "Software"), to deal
|
package/README.md
CHANGED
|
@@ -6,7 +6,9 @@
|
|
|
6
6
|
Faster than Fast Redact <sup>1</sup> as well as being safer and more configurable than many other redaction solutions,
|
|
7
7
|
Deep Redact is a zero-dependency tool that redacts sensitive information from strings and objects. It is designed to be
|
|
8
8
|
used in a production environment where sensitive information needs to be redacted from logs, error messages, files,
|
|
9
|
-
and other outputs.
|
|
9
|
+
and other outputs. Supporting both strings and objects or a mix of both, Deep Redact can be used to redact sensitive
|
|
10
|
+
information from more data structures than any other redaction library. Even partially redacting sensitive information
|
|
11
|
+
from strings is supported, by way of custom regex patterns and replacers.
|
|
10
12
|
|
|
11
13
|
Circular references and other unsupported values are handled gracefully, and the library is designed to be as fast as
|
|
12
14
|
possible while still being easy to use and configure.
|
|
@@ -58,7 +60,7 @@ objRedaction.redact(obj)
|
|
|
58
60
|
// }
|
|
59
61
|
|
|
60
62
|
const strRedaction = new DeepRedact({
|
|
61
|
-
|
|
63
|
+
partialStringTests: [
|
|
62
64
|
{
|
|
63
65
|
pattern: /<(email|password)>([^<]+)<\/\1>/gi,
|
|
64
66
|
replacer: (value: string, pattern: RegExp) => value.replace(pattern, '<$1>[REDACTED]</$1>'),
|
|
@@ -71,6 +73,30 @@ strRedaction.redact('<email>someone@somewhere.com</email><keepThis>This is fine<
|
|
|
71
73
|
// '<email>[REDACTED]</email><keepThis>This is fine</keepThis><password>[REDACTED]</password>'
|
|
72
74
|
```
|
|
73
75
|
|
|
76
|
+
// Override the `unsupportedTransformer` method to handle unsupported values
|
|
77
|
+
|
|
78
|
+
```typescript
|
|
79
|
+
class CustomRedaction extends DeepRedact {
|
|
80
|
+
constructor(options) {
|
|
81
|
+
super(options)
|
|
82
|
+
this.rewriteUnsupported = (value) => {
|
|
83
|
+
if (value instanceof BigInt) return value.toString()
|
|
84
|
+
|
|
85
|
+
// Add more conditional statements for unsupported value types here (e.g. Error, Date, Map, Set, etc.)
|
|
86
|
+
|
|
87
|
+
// If the value is supported, return it
|
|
88
|
+
return value
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
const customRedaction = new CustomRedaction({
|
|
94
|
+
blacklistedKeys: ['sensitive', 'password', /name/i],
|
|
95
|
+
})
|
|
96
|
+
|
|
97
|
+
customRedaction.redact({ a: BigInt(1) })
|
|
98
|
+
```
|
|
99
|
+
|
|
74
100
|
## Configuration
|
|
75
101
|
|
|
76
102
|
### Main Options
|
|
@@ -78,7 +104,8 @@ strRedaction.redact('<email>someone@somewhere.com</email><keepThis>This is fine<
|
|
|
78
104
|
| key | description | type | options | default | required |
|
|
79
105
|
| --- | --- | --- | --- | --- | --- |
|
|
80
106
|
| blacklistedKeys | Deeply compare names of these keys against the keys in your object. | array | Array<string│RegExp│BlacklistKeyConfig> | [] | N |
|
|
81
|
-
| stringTests | Array of regular expressions to perform against string values, whether that value is a flat string or nested within an object. | array | Array<RegExp│StringTestConfig> | [] | N |
|
|
107
|
+
| stringTests | Array of regular expressions to perform against string values, whether that value is a flat string or nested within an object. Will redact whole string values. If you want to redact only part of the string, use `partialStringTests` instead. If a replacer function is provided in the config for the associated test, it will be used to redact the value. | array | Array<RegExp│StringTestConfig> | [] | N |
|
|
108
|
+
| partialStringTests | Array of regular expressions to perform against string values, whether that value is a flat string or nested within an object. Will redact only the matched part of the string using the replacer function provided in the config for the associated test. | array | StringTestConfig[] | [] | N |
|
|
82
109
|
| fuzzyKeyMatch | Loosely compare key names by checking if the key name of your unredacted object is included anywhere within the name of your blacklisted key. For example, is "pass" (your key) included in "password" (from config). | boolean | | false | N |
|
|
83
110
|
| caseSensitiveKeyMatch | Loosely compare key names by normalising the strings. This involves removing non-word characters and transforms the string to lowercase. This means you never have to worry having to list duplicate keys in different formats such as snake_case, camelCase, PascalCase or any other case. | boolean | | true | N |
|
|
84
111
|
| remove | Determines whether or not to remove the key from the object when it is redacted. | boolean | | false | N |
|
|
@@ -131,22 +158,23 @@ Redact and Obglob are slower and rely on dependencies.
|
|
|
131
158
|
|
|
132
159
|
| scenario | ops / sec | op duration (ms) | margin of error | sample count |
|
|
133
160
|
| --- | --- | --- | --- | --- |
|
|
134
|
-
| DeepRedact,
|
|
135
|
-
| JSON.stringify, large object |
|
|
136
|
-
| DeepRedact, remove item, single object |
|
|
137
|
-
| Regex replace, large object |
|
|
138
|
-
| DeepRedact,
|
|
139
|
-
| DeepRedact,
|
|
140
|
-
| DeepRedact, replace string by length, single object |
|
|
141
|
-
| DeepRedact,
|
|
142
|
-
| DeepRedact,
|
|
143
|
-
| DeepRedact, config per key, single object |
|
|
144
|
-
| DeepRedact, default config, 1000 large objects |
|
|
145
|
-
| fast redact, large object |
|
|
146
|
-
| ObGlob, large object |
|
|
147
|
-
| DeepRedact, case insensitive matching, single object |
|
|
148
|
-
| DeepRedact, fuzzy and case insensitive matching, single object |
|
|
149
|
-
| JSON.stringify, 1000 large objects |
|
|
150
|
-
| ObGlob, 1000 large objects |
|
|
151
|
-
|
|
|
152
|
-
|
|
|
161
|
+
| DeepRedact, partial redaction | 176654.38 | 0.0056607711 | 0.00003 | 88329 |
|
|
162
|
+
| JSON.stringify, large object | 164287.01 | 0.0060869085 | 0.00002 | 82144 |
|
|
163
|
+
| DeepRedact, remove item, single object | 25142.69 | 0.0397729959 | 0.00029 | 12572 |
|
|
164
|
+
| Regex replace, large object | 23061.11 | 0.0433630529 | 0.00022 | 11531 |
|
|
165
|
+
| DeepRedact, default config, large object | 21454.71 | 0.0466098038 | 0.00086 | 10728 |
|
|
166
|
+
| DeepRedact, custom replacer function, single object | 21026.51 | 0.047559016 | 0.00047 | 10514 |
|
|
167
|
+
| DeepRedact, replace string by length, single object | 19629.37 | 0.0509440788 | 0.00032 | 9815 |
|
|
168
|
+
| DeepRedact, retain structure, single object | 18238.97 | 0.0548276723 | 0.00049 | 9120 |
|
|
169
|
+
| DeepRedact, fuzzy matching, single object | 17470.6 | 0.0572390237 | 0.00029 | 8736 |
|
|
170
|
+
| DeepRedact, config per key, single object | 15398.94 | 0.0649395488 | 0.00036 | 7700 |
|
|
171
|
+
| DeepRedact, default config, 1000 large objects | 8401.8 | 0.1190220507 | 0.00103 | 4201 |
|
|
172
|
+
| fast redact, large object | 5898.84 | 0.1695249305 | 0.00133 | 2950 |
|
|
173
|
+
| ObGlob, large object | 4876.54 | 0.2050635404 | 0.01142 | 2439 |
|
|
174
|
+
| DeepRedact, case insensitive matching, single object | 3576.62 | 0.279593299 | 0.00282 | 1789 |
|
|
175
|
+
| DeepRedact, fuzzy and case insensitive matching, single object | 3379.78 | 0.295877197 | 0.00244 | 1690 |
|
|
176
|
+
| JSON.stringify, 1000 large objects | 220.76 | 4.5298012342 | 0.10929 | 111 |
|
|
177
|
+
| ObGlob, 1000 large objects | 166.2 | 6.0168303571 | 0.07621 | 84 |
|
|
178
|
+
| DeepRedact, partial redaction large string | 126.88 | 7.8814680469 | 0.28048 | 64 |
|
|
179
|
+
| fast redact, 1000 large objects | 122.12 | 8.1884899032 | 0.06661 | 62 |
|
|
180
|
+
| Regex replace, 1000 large objects | 93.88 | 10.6515390208 | 0.36668 | 48 |
|
package/dist/cjs/index.js
CHANGED
|
@@ -47,13 +47,11 @@ class DeepRedact {
|
|
|
47
47
|
* @returns {unknown} The value in a format that is supported by JSON.stringify.
|
|
48
48
|
*/
|
|
49
49
|
this.unsupportedTransformer = (value) => {
|
|
50
|
-
if (!this.config.serialise)
|
|
51
|
-
return value;
|
|
52
50
|
if (typeof value === 'bigint') {
|
|
53
51
|
return {
|
|
54
52
|
__unsupported: {
|
|
55
53
|
type: 'bigint',
|
|
56
|
-
value: value.toString(),
|
|
54
|
+
value: value.toString(10),
|
|
57
55
|
radix: 10,
|
|
58
56
|
},
|
|
59
57
|
};
|
|
@@ -145,15 +143,27 @@ class DeepRedact {
|
|
|
145
143
|
* This is to ensure that the WeakSet doesn't cause memory leaks.
|
|
146
144
|
* @private
|
|
147
145
|
* @param value
|
|
146
|
+
* @returns {unknown} The value as a JSON string or as the provided value.
|
|
147
|
+
* @throws {Error} If the value cannot be serialised.
|
|
148
148
|
*/
|
|
149
149
|
this.maybeSerialise = (value) => {
|
|
150
150
|
this.circularReference = null;
|
|
151
|
-
|
|
151
|
+
if (!this.config.serialise)
|
|
152
|
+
return value;
|
|
153
|
+
if (typeof value === 'string')
|
|
154
|
+
return value;
|
|
155
|
+
try {
|
|
156
|
+
return JSON.stringify(value);
|
|
157
|
+
}
|
|
158
|
+
catch (error) {
|
|
159
|
+
throw new Error('Failed to serialise value. Did you override the `unsupportedTransformer` method and return a value that is not supported by JSON.stringify?');
|
|
160
|
+
}
|
|
152
161
|
};
|
|
153
162
|
/**
|
|
154
163
|
* Redact the provided value. The value will be stripped of any circular references and other unsupported data types, before being redacted according to the configuration and finally serialised if required.
|
|
155
164
|
* @param {unknown} value The value to redact.
|
|
156
165
|
* @returns {unknown} The redacted value.
|
|
166
|
+
* @throws {Error} If the value cannot be serialised.
|
|
157
167
|
*/
|
|
158
168
|
this.redact = (value) => {
|
|
159
169
|
return this.maybeSerialise(this.redactorUtils.recurse(this.rewriteUnsupported(value)));
|
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
const defaultConfig = {
|
|
4
4
|
stringTests: [],
|
|
5
5
|
blacklistedKeys: [],
|
|
6
|
+
partialStringTests: [],
|
|
6
7
|
blacklistedKeysTransformed: [],
|
|
7
8
|
fuzzyKeyMatch: false,
|
|
8
9
|
caseSensitiveKeyMatch: true,
|
|
@@ -14,7 +15,7 @@ const defaultConfig = {
|
|
|
14
15
|
};
|
|
15
16
|
class RedactorUtils {
|
|
16
17
|
constructor(customConfig) {
|
|
17
|
-
var _a, _b, _c;
|
|
18
|
+
var _a, _b, _c, _d;
|
|
18
19
|
/**
|
|
19
20
|
* The configuration for the redaction.
|
|
20
21
|
* @private
|
|
@@ -82,36 +83,37 @@ class RedactorUtils {
|
|
|
82
83
|
this.redactString = (value, replacement, remove, shouldRedact) => {
|
|
83
84
|
if (!value || typeof value !== 'string')
|
|
84
85
|
return value;
|
|
86
|
+
const maybePartiallyRedacted = this.partialStringRedact(value);
|
|
85
87
|
const { stringTests } = this.config;
|
|
86
88
|
if (!shouldRedact) {
|
|
87
89
|
const result = stringTests === null || stringTests === void 0 ? void 0 : stringTests.map((test) => {
|
|
88
90
|
if (test instanceof RegExp) {
|
|
89
|
-
if (!test.test(
|
|
90
|
-
return
|
|
91
|
+
if (!test.test(maybePartiallyRedacted))
|
|
92
|
+
return maybePartiallyRedacted;
|
|
91
93
|
if (remove)
|
|
92
94
|
return undefined;
|
|
93
95
|
if (typeof replacement === 'function')
|
|
94
|
-
return replacement(
|
|
96
|
+
return replacement(maybePartiallyRedacted);
|
|
95
97
|
if (this.config.replaceStringByLength)
|
|
96
|
-
return replacement.repeat(
|
|
98
|
+
return replacement.repeat(maybePartiallyRedacted.length);
|
|
97
99
|
return replacement;
|
|
98
100
|
}
|
|
99
|
-
if (remove && test.pattern.test(
|
|
101
|
+
if (remove && test.pattern.test(maybePartiallyRedacted))
|
|
100
102
|
return undefined;
|
|
101
|
-
return test.replacer(
|
|
103
|
+
return test.replacer(maybePartiallyRedacted, test.pattern);
|
|
102
104
|
}).filter(Boolean)[0];
|
|
103
105
|
if (result)
|
|
104
106
|
return result;
|
|
105
107
|
if (remove)
|
|
106
108
|
return undefined;
|
|
107
|
-
return
|
|
109
|
+
return maybePartiallyRedacted;
|
|
108
110
|
}
|
|
109
111
|
if (remove)
|
|
110
112
|
return undefined;
|
|
111
113
|
if (typeof replacement === 'function')
|
|
112
|
-
return replacement(
|
|
114
|
+
return replacement(maybePartiallyRedacted);
|
|
113
115
|
if (this.config.replaceStringByLength)
|
|
114
|
-
return replacement.repeat(
|
|
116
|
+
return replacement.repeat(maybePartiallyRedacted.length);
|
|
115
117
|
return replacement;
|
|
116
118
|
};
|
|
117
119
|
/**
|
|
@@ -160,6 +162,16 @@ class RedactorUtils {
|
|
|
160
162
|
return [prop, this.recurse(val, key !== null && key !== void 0 ? key : prop, shouldRedact)];
|
|
161
163
|
}).filter(([prop]) => prop !== undefined));
|
|
162
164
|
};
|
|
165
|
+
this.partialStringRedact = (value) => {
|
|
166
|
+
const { partialStringTests } = this.config;
|
|
167
|
+
if (partialStringTests.length === 0)
|
|
168
|
+
return value;
|
|
169
|
+
let result = value;
|
|
170
|
+
partialStringTests.forEach((test) => {
|
|
171
|
+
result = test.replacer(result, test.pattern);
|
|
172
|
+
});
|
|
173
|
+
return result;
|
|
174
|
+
};
|
|
163
175
|
/**
|
|
164
176
|
* Redact a value. If the value is an object or array, the redaction will be performed recursively, otherwise the value will be redacted if it is a supported type using the `replace` method.
|
|
165
177
|
* @private
|
|
@@ -185,7 +197,7 @@ class RedactorUtils {
|
|
|
185
197
|
return this.redactArray(value);
|
|
186
198
|
return this.redactObject(value, key, parentShouldRedact);
|
|
187
199
|
};
|
|
188
|
-
this.config = Object.assign(Object.assign(Object.assign({}, defaultConfig), customConfig), {
|
|
200
|
+
this.config = Object.assign(Object.assign(Object.assign({}, defaultConfig), customConfig), { partialStringTests: (_a = customConfig.partialStringTests) !== null && _a !== void 0 ? _a : [], blacklistedKeys: (_b = customConfig.blacklistedKeys) !== null && _b !== void 0 ? _b : [], blacklistedKeysTransformed: (_d = (_c = customConfig.blacklistedKeys) === null || _c === void 0 ? void 0 : _c.map((key) => {
|
|
189
201
|
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
|
|
190
202
|
const isObject = !(typeof key === 'string' || key instanceof RegExp);
|
|
191
203
|
const setKey = isObject ? key.key : key;
|
|
@@ -208,7 +220,7 @@ class RedactorUtils {
|
|
|
208
220
|
};
|
|
209
221
|
}
|
|
210
222
|
return fallback;
|
|
211
|
-
})) !== null &&
|
|
223
|
+
})) !== null && _d !== void 0 ? _d : [] });
|
|
212
224
|
}
|
|
213
225
|
}
|
|
214
226
|
/**
|
|
@@ -217,7 +229,7 @@ class RedactorUtils {
|
|
|
217
229
|
* @param str The string to normalise.
|
|
218
230
|
* @returns {string} The normalised string.
|
|
219
231
|
*/
|
|
220
|
-
RedactorUtils.normaliseString = (str) => str.toLowerCase().
|
|
232
|
+
RedactorUtils.normaliseString = (str) => str.toLowerCase().replaceAll(/\W/g, '');
|
|
221
233
|
/**
|
|
222
234
|
* Determine if a key matches a given blacklistedKeyConfig. This will check the key against the blacklisted keys,
|
|
223
235
|
* using the configuration option for the given key falling back to the default configuration.
|
package/dist/esm/index.mjs
CHANGED
|
@@ -42,13 +42,11 @@ class DeepRedact {
|
|
|
42
42
|
* @returns {unknown} The value in a format that is supported by JSON.stringify.
|
|
43
43
|
*/
|
|
44
44
|
unsupportedTransformer = (value) => {
|
|
45
|
-
if (!this.config.serialise)
|
|
46
|
-
return value;
|
|
47
45
|
if (typeof value === 'bigint') {
|
|
48
46
|
return {
|
|
49
47
|
__unsupported: {
|
|
50
48
|
type: 'bigint',
|
|
51
|
-
value: value.toString(),
|
|
49
|
+
value: value.toString(10),
|
|
52
50
|
radix: 10,
|
|
53
51
|
},
|
|
54
52
|
};
|
|
@@ -138,15 +136,27 @@ class DeepRedact {
|
|
|
138
136
|
* This is to ensure that the WeakSet doesn't cause memory leaks.
|
|
139
137
|
* @private
|
|
140
138
|
* @param value
|
|
139
|
+
* @returns {unknown} The value as a JSON string or as the provided value.
|
|
140
|
+
* @throws {Error} If the value cannot be serialised.
|
|
141
141
|
*/
|
|
142
142
|
maybeSerialise = (value) => {
|
|
143
143
|
this.circularReference = null;
|
|
144
|
-
|
|
144
|
+
if (!this.config.serialise)
|
|
145
|
+
return value;
|
|
146
|
+
if (typeof value === 'string')
|
|
147
|
+
return value;
|
|
148
|
+
try {
|
|
149
|
+
return JSON.stringify(value);
|
|
150
|
+
}
|
|
151
|
+
catch (error) {
|
|
152
|
+
throw new Error('Failed to serialise value. Did you override the `unsupportedTransformer` method and return a value that is not supported by JSON.stringify?');
|
|
153
|
+
}
|
|
145
154
|
};
|
|
146
155
|
/**
|
|
147
156
|
* Redact the provided value. The value will be stripped of any circular references and other unsupported data types, before being redacted according to the configuration and finally serialised if required.
|
|
148
157
|
* @param {unknown} value The value to redact.
|
|
149
158
|
* @returns {unknown} The redacted value.
|
|
159
|
+
* @throws {Error} If the value cannot be serialised.
|
|
150
160
|
*/
|
|
151
161
|
redact = (value) => {
|
|
152
162
|
return this.maybeSerialise(this.redactorUtils.recurse(this.rewriteUnsupported(value)));
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
const defaultConfig = {
|
|
2
2
|
stringTests: [],
|
|
3
3
|
blacklistedKeys: [],
|
|
4
|
+
partialStringTests: [],
|
|
4
5
|
blacklistedKeysTransformed: [],
|
|
5
6
|
fuzzyKeyMatch: false,
|
|
6
7
|
caseSensitiveKeyMatch: true,
|
|
@@ -20,6 +21,7 @@ class RedactorUtils {
|
|
|
20
21
|
this.config = {
|
|
21
22
|
...defaultConfig,
|
|
22
23
|
...customConfig,
|
|
24
|
+
partialStringTests: customConfig.partialStringTests ?? [],
|
|
23
25
|
blacklistedKeys: customConfig.blacklistedKeys ?? [],
|
|
24
26
|
blacklistedKeysTransformed: customConfig.blacklistedKeys?.map((key) => {
|
|
25
27
|
const isObject = !(typeof key === 'string' || key instanceof RegExp);
|
|
@@ -52,7 +54,7 @@ class RedactorUtils {
|
|
|
52
54
|
* @param str The string to normalise.
|
|
53
55
|
* @returns {string} The normalised string.
|
|
54
56
|
*/
|
|
55
|
-
static normaliseString = (str) => str.toLowerCase().
|
|
57
|
+
static normaliseString = (str) => str.toLowerCase().replaceAll(/\W/g, '');
|
|
56
58
|
/**
|
|
57
59
|
* Determine if a key matches a given blacklistedKeyConfig. This will check the key against the blacklisted keys,
|
|
58
60
|
* using the configuration option for the given key falling back to the default configuration.
|
|
@@ -133,36 +135,37 @@ class RedactorUtils {
|
|
|
133
135
|
redactString = (value, replacement, remove, shouldRedact) => {
|
|
134
136
|
if (!value || typeof value !== 'string')
|
|
135
137
|
return value;
|
|
138
|
+
const maybePartiallyRedacted = this.partialStringRedact(value);
|
|
136
139
|
const { stringTests } = this.config;
|
|
137
140
|
if (!shouldRedact) {
|
|
138
141
|
const result = stringTests?.map((test) => {
|
|
139
142
|
if (test instanceof RegExp) {
|
|
140
|
-
if (!test.test(
|
|
141
|
-
return
|
|
143
|
+
if (!test.test(maybePartiallyRedacted))
|
|
144
|
+
return maybePartiallyRedacted;
|
|
142
145
|
if (remove)
|
|
143
146
|
return undefined;
|
|
144
147
|
if (typeof replacement === 'function')
|
|
145
|
-
return replacement(
|
|
148
|
+
return replacement(maybePartiallyRedacted);
|
|
146
149
|
if (this.config.replaceStringByLength)
|
|
147
|
-
return replacement.repeat(
|
|
150
|
+
return replacement.repeat(maybePartiallyRedacted.length);
|
|
148
151
|
return replacement;
|
|
149
152
|
}
|
|
150
|
-
if (remove && test.pattern.test(
|
|
153
|
+
if (remove && test.pattern.test(maybePartiallyRedacted))
|
|
151
154
|
return undefined;
|
|
152
|
-
return test.replacer(
|
|
155
|
+
return test.replacer(maybePartiallyRedacted, test.pattern);
|
|
153
156
|
}).filter(Boolean)[0];
|
|
154
157
|
if (result)
|
|
155
158
|
return result;
|
|
156
159
|
if (remove)
|
|
157
160
|
return undefined;
|
|
158
|
-
return
|
|
161
|
+
return maybePartiallyRedacted;
|
|
159
162
|
}
|
|
160
163
|
if (remove)
|
|
161
164
|
return undefined;
|
|
162
165
|
if (typeof replacement === 'function')
|
|
163
|
-
return replacement(
|
|
166
|
+
return replacement(maybePartiallyRedacted);
|
|
164
167
|
if (this.config.replaceStringByLength)
|
|
165
|
-
return replacement.repeat(
|
|
168
|
+
return replacement.repeat(maybePartiallyRedacted.length);
|
|
166
169
|
return replacement;
|
|
167
170
|
};
|
|
168
171
|
/**
|
|
@@ -211,6 +214,16 @@ class RedactorUtils {
|
|
|
211
214
|
return [prop, this.recurse(val, key ?? prop, shouldRedact)];
|
|
212
215
|
}).filter(([prop]) => prop !== undefined));
|
|
213
216
|
};
|
|
217
|
+
partialStringRedact = (value) => {
|
|
218
|
+
const { partialStringTests } = this.config;
|
|
219
|
+
if (partialStringTests.length === 0)
|
|
220
|
+
return value;
|
|
221
|
+
let result = value;
|
|
222
|
+
partialStringTests.forEach((test) => {
|
|
223
|
+
result = test.replacer(result, test.pattern);
|
|
224
|
+
});
|
|
225
|
+
return result;
|
|
226
|
+
};
|
|
214
227
|
/**
|
|
215
228
|
* Redact a value. If the value is an object or array, the redaction will be performed recursively, otherwise the value will be redacted if it is a supported type using the `replace` method.
|
|
216
229
|
* @private
|
package/dist/types/index.d.ts
CHANGED
|
@@ -51,12 +51,15 @@ declare class DeepRedact {
|
|
|
51
51
|
* This is to ensure that the WeakSet doesn't cause memory leaks.
|
|
52
52
|
* @private
|
|
53
53
|
* @param value
|
|
54
|
+
* @returns {unknown} The value as a JSON string or as the provided value.
|
|
55
|
+
* @throws {Error} If the value cannot be serialised.
|
|
54
56
|
*/
|
|
55
57
|
private maybeSerialise;
|
|
56
58
|
/**
|
|
57
59
|
* Redact the provided value. The value will be stripped of any circular references and other unsupported data types, before being redacted according to the configuration and finally serialised if required.
|
|
58
60
|
* @param {unknown} value The value to redact.
|
|
59
61
|
* @returns {unknown} The redacted value.
|
|
62
|
+
* @throws {Error} If the value cannot be serialised.
|
|
60
63
|
*/
|
|
61
64
|
redact: (value: unknown) => unknown;
|
|
62
65
|
}
|
package/dist/types/types.d.ts
CHANGED
|
@@ -42,6 +42,10 @@ export interface BlacklistKeyConfig {
|
|
|
42
42
|
*/
|
|
43
43
|
key: string | RegExp;
|
|
44
44
|
}
|
|
45
|
+
export interface ComplexStringTest {
|
|
46
|
+
pattern: RegExp;
|
|
47
|
+
replacer: (value: string, pattern: RegExp) => string;
|
|
48
|
+
}
|
|
45
49
|
export interface BaseDeepRedactConfig {
|
|
46
50
|
/**
|
|
47
51
|
* Keys that should be redacted. Can be a string, or an object with additional configuration options.
|
|
@@ -58,10 +62,8 @@ export interface BaseDeepRedactConfig {
|
|
|
58
62
|
* /^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$/, // redact any string that looks like an IP address.
|
|
59
63
|
* ]
|
|
60
64
|
*/
|
|
61
|
-
stringTests?: Array<RegExp |
|
|
62
|
-
|
|
63
|
-
replacer: (value: string, pattern: RegExp) => string;
|
|
64
|
-
}>;
|
|
65
|
+
stringTests?: Array<RegExp | ComplexStringTest>;
|
|
66
|
+
partialStringTests?: Array<ComplexStringTest>;
|
|
65
67
|
/**
|
|
66
68
|
* Perform a fuzzy match on the key. This will match any key that contains the string, rather than a case-sensitive match.
|
|
67
69
|
* @default false
|
|
@@ -122,8 +124,20 @@ export interface BaseDeepRedactConfig {
|
|
|
122
124
|
serialize?: boolean;
|
|
123
125
|
}
|
|
124
126
|
export type DeepRedactConfig = Partial<Omit<BaseDeepRedactConfig, 'blacklistedKeysTransformed' | 'blacklistedKeys' | 'stringTests'>> & ({
|
|
127
|
+
partialStringTests: BaseDeepRedactConfig['partialStringTests'];
|
|
125
128
|
blacklistedKeys: BaseDeepRedactConfig['blacklistedKeys'];
|
|
126
129
|
stringTests: BaseDeepRedactConfig['stringTests'];
|
|
130
|
+
} | {
|
|
131
|
+
partialStringTests: BaseDeepRedactConfig['partialStringTests'];
|
|
132
|
+
blacklistedKeys: BaseDeepRedactConfig['blacklistedKeys'];
|
|
133
|
+
} | {
|
|
134
|
+
blacklistedKeys: BaseDeepRedactConfig['blacklistedKeys'];
|
|
135
|
+
stringTests: BaseDeepRedactConfig['stringTests'];
|
|
136
|
+
} | {
|
|
137
|
+
partialStringTests: BaseDeepRedactConfig['partialStringTests'];
|
|
138
|
+
stringTests: BaseDeepRedactConfig['stringTests'];
|
|
139
|
+
} | {
|
|
140
|
+
partialStringTests: BaseDeepRedactConfig['partialStringTests'];
|
|
127
141
|
} | {
|
|
128
142
|
blacklistedKeys: BaseDeepRedactConfig['blacklistedKeys'];
|
|
129
143
|
} | {
|
|
@@ -77,6 +77,7 @@ declare class RedactorUtils {
|
|
|
77
77
|
* @param {boolean} parentShouldRedact Whether the item should be redacted based on the key within the parent object.
|
|
78
78
|
*/
|
|
79
79
|
private redactObject;
|
|
80
|
+
partialStringRedact: (value: string) => string;
|
|
80
81
|
/**
|
|
81
82
|
* Redact a value. If the value is an object or array, the redaction will be performed recursively, otherwise the value will be redacted if it is a supported type using the `replace` method.
|
|
82
83
|
* @private
|
package/package.json
CHANGED