@hackylabs/deep-redact 2.2.1 → 2.2.2

package/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2025 Benjamin Green (https://bengreen.dev)
+Copyright (c) 2026 Benjamin Green (https://bengreen.dev)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/README.md

@@ -3,12 +3,11 @@
 [![npm version](https://badge.fury.io/js/@hackylabs%2Fdeep-redact.svg)](https://badge.fury.io/js/@hackylabs%2Fdeep-redact)
 [![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/hackylabs/deep-redact/blob/main/LICENSE)
 
-Faster than Fast Redact <sup>1</sup> as well as being safer and more configurable than many other redaction solutions,
-Deep Redact is a zero-dependency tool that redacts sensitive information from strings and objects. It is designed to be
-used in a production environment where sensitive information needs to be redacted from logs, error messages, files,
-and other outputs. Supporting both strings and objects or a mix of both, Deep Redact can be used to redact sensitive
-information from more data structures than any other redaction library. Even partially redacting sensitive information
-from strings is supported, by way of custom regex patterns and replacers.
+Deep Redact is a safe, configurable, zero-dependency tool that redacts sensitive information from strings and objects.
+It is designed to be used in a production environment where sensitive information needs to be redacted from logs, error
+messages, files, and other outputs. Supporting both strings and objects or a mix of both, Deep Redact can be used to
+redact sensitive information from a wide range of data structures. Even partially redacting sensitive information from
+strings is supported, by way of custom regex patterns and replacers.
 
 Circular references and other unsupported values are handled gracefully, and the library is designed to be as fast as
 possible while still being easy to use and configure.
@@ -134,47 +133,16 @@ customRedaction.redact({ a: BigInt(1) })
 | replacer | A function that will be called with the value of the string that matched the pattern and the pattern itself. This function should return the new (redacted) value to replace the original value. | function | Y |
 
 ### Benchmark
-Comparisons are made against JSON.stringify, Regex.replace, Fast Redact &
-(one of my other creations, [@hackylabs/obglob](https://npmjs.com/package/@hackylabs/obglob)) as well as different
-configurations of Deep Redact, using [this test object](./test/setup/dummyUser.ts). Fast Redact was configured to redact
-the same keys on the same object as Deep Redact without using wildcards.
-
-The benchmark is run on a 2021 iMac with an M1 chip with 16GB memory running macOS Sequoia 15.0.0.
-
-JSON.stringify is included as a benchmark because it is the fastest way to deeply iterate over an object, although it
-doesn't redact any sensitive information.
-
-Regex.replace is included as a benchmark because it is the fastest way to redact sensitive information from a string.
-However, a regex pattern for all keys to be redacted is much harder to configure than a dedicated redaction library,
-especially when dealing with multiple types of values. It also doesn't handle circular references or other unsupported
-values as gracefully as deep-redact unless a third-party library is used to stringify the object beforehand.
-
-Fast-redact is included as a benchmark because it's the next fastest library available specifically for redaction.
-
-Neither JSON.stringify, Regex.replace nor Fast Redact offer the same level of configurability as deep-redact. Both Fast
-Redact and Obglob are slower and rely on dependencies.
-
-![Benchmark](./benchmark.png)
-
-| scenario | ops / sec | op duration (ms) | margin of error | sample count |
-| --- | --- | --- | --- | --- |
-| DeepRedact, partial redaction | 176654.38 | 0.0056607711 | 0.00003 | 88329 |
-| JSON.stringify, large object | 164287.01 | 0.0060869085 | 0.00002 | 82144 |
-| DeepRedact, remove item, single object | 25142.69 | 0.0397729959 | 0.00029 | 12572 |
-| Regex replace, large object | 23061.11 | 0.0433630529 | 0.00022 | 11531 |
-| DeepRedact, default config, large object | 21454.71 | 0.0466098038 | 0.00086 | 10728 |
-| DeepRedact, custom replacer function, single object | 21026.51 | 0.047559016 | 0.00047 | 10514 |
-| DeepRedact, replace string by length, single object | 19629.37 | 0.0509440788 | 0.00032 | 9815 |
-| DeepRedact, retain structure, single object | 18238.97 | 0.0548276723 | 0.00049 | 9120 |
-| DeepRedact, fuzzy matching, single object | 17470.6 | 0.0572390237 | 0.00029 | 8736 |
-| DeepRedact, config per key, single object | 15398.94 | 0.0649395488 | 0.00036 | 7700 |
-| DeepRedact, default config, 1000 large objects | 8401.8 | 0.1190220507 | 0.00103 | 4201 |
-| fast redact, large object | 5898.84 | 0.1695249305 | 0.00133 | 2950 |
-| ObGlob, large object | 4876.54 | 0.2050635404 | 0.01142 | 2439 |
-| DeepRedact, case insensitive matching, single object | 3576.62 | 0.279593299 | 0.00282 | 1789 |
-| DeepRedact, fuzzy and case insensitive matching, single object | 3379.78 | 0.295877197 | 0.00244 | 1690 |
-| JSON.stringify, 1000 large objects | 220.76 | 4.5298012342 | 0.10929 | 111 |
-| ObGlob, 1000 large objects | 166.2 | 6.0168303571 | 0.07621 | 84 |
-| DeepRedact, partial redaction large string | 126.88 | 7.8814680469 | 0.28048 | 64 |
-| fast redact, 1000 large objects | 122.12 | 8.1884899032 | 0.06661 | 62 |
-| Regex replace, 1000 large objects | 93.88 | 10.6515390208 | 0.36668 | 48 |
+
+A benchmark comparing Deep Redact against other libraries appeared in earlier versions of this README. It has been
+withdrawn because of a subtle flaw in how the test data was constructed.
+
+The multi-object scenarios built their input with `Array(1000).fill(user)`, which produces an array of 1000 references
+to a *single* shared object rather than 1000 distinct objects. Deep Redact's circular-reference protection correctly
+detects the repeated reference and replaces every occurrence after the first with a circular-reference marker, so it
+effectively redacted one object while the other libraries redacted all 1000. That short-circuiting is correct behaviour
+in its own right, which is part of why the benchmarking mistake was easy to overlook, but it meant the libraries were
+doing very different amounts of work and overstated Deep Redact's throughput by roughly 50-70x in those cases. The
+single-object scenarios were also not strictly like-for-like.
+
+Because the figures were not representative, this release makes no performance comparison against other libraries.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hackylabs/deep-redact",
-  "version": "2.2.1",
+  "version": "2.2.2",
   "description": "A fast, safe and configurable zero-dependency library for redacting strings or deeply redacting arrays and objects.",
   "private": false,
   "license": "MIT",
@@ -51,11 +51,9 @@
   },
   "scripts": {
     "lint": "eslint",
-    "build": "npm run lint && npm run test && npm run bench && npm run build:esm && npm run build:cjs && npm run update-readme && npm run update-license",
+    "build": "npm run lint && npm run test && npm run build:esm && npm run build:cjs && npm run update-readme && npm run update-license",
     "build:esm": "tsc --project tsconfig.esm.json && ./scripts/js-to-mjs.sh",
     "build:cjs": "tsc --project tsconfig.cjs.json",
-    "bench": "npx vitest bench --watch=false",
-    "bench:dev": "npx vitest bench",
     "test:dev": "npx vitest",
     "test": "npx vitest run",
     "update-readme": "npx ts-node ./scripts/update-readme.ts",