@heroku/js-blanket 0.0.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (82) hide show
  1. package/README.md +4 -1
  2. package/dist/cjs/.tsbuildinfo +1 -0
  3. package/dist/cjs/adapters/logging/generic.js +23 -0
  4. package/dist/cjs/adapters/logging/generic.js.map +1 -0
  5. package/dist/cjs/adapters/logging/generic.test.js +432 -0
  6. package/dist/cjs/adapters/logging/generic.test.js.map +1 -0
  7. package/dist/cjs/core/patterns.js +17 -0
  8. package/dist/cjs/core/patterns.js.map +1 -0
  9. package/dist/cjs/core/presets.js +116 -0
  10. package/dist/cjs/core/presets.js.map +1 -0
  11. package/dist/cjs/core/scrubber.js +260 -0
  12. package/dist/cjs/core/scrubber.js.map +1 -0
  13. package/dist/cjs/core/scrubber.test.js +392 -0
  14. package/dist/cjs/core/scrubber.test.js.map +1 -0
  15. package/dist/cjs/core/types.js +3 -0
  16. package/dist/cjs/core/types.js.map +1 -0
  17. package/dist/cjs/core/types.test.js +326 -0
  18. package/dist/cjs/core/types.test.js.map +1 -0
  19. package/dist/cjs/index.js +16 -0
  20. package/dist/cjs/index.js.map +1 -0
  21. package/dist/cjs/index.test.js +31 -0
  22. package/dist/cjs/index.test.js.map +1 -0
  23. package/dist/cjs/package.json +1 -0
  24. package/dist/esm/.tsbuildinfo +1 -0
  25. package/{src/adapters/logging/generic.ts → dist/esm/adapters/logging/generic.d.ts} +1 -4
  26. package/dist/esm/adapters/logging/generic.js +20 -0
  27. package/dist/esm/adapters/logging/generic.js.map +1 -0
  28. package/dist/esm/adapters/logging/generic.test.d.ts +7 -0
  29. package/dist/esm/adapters/logging/generic.test.js +430 -0
  30. package/dist/esm/adapters/logging/generic.test.js.map +1 -0
  31. package/dist/esm/core/patterns.d.ts +4 -0
  32. package/dist/esm/core/patterns.js +14 -0
  33. package/dist/esm/core/patterns.js.map +1 -0
  34. package/dist/esm/core/presets.d.ts +64 -0
  35. package/{src/core/presets.ts → dist/esm/core/presets.js} +46 -55
  36. package/dist/esm/core/presets.js.map +1 -0
  37. package/dist/esm/core/scrubber.d.ts +131 -0
  38. package/dist/esm/core/scrubber.js +256 -0
  39. package/dist/esm/core/scrubber.js.map +1 -0
  40. package/dist/esm/core/scrubber.test.d.ts +1 -0
  41. package/dist/esm/core/scrubber.test.js +390 -0
  42. package/dist/esm/core/scrubber.test.js.map +1 -0
  43. package/dist/esm/core/types.d.ts +169 -0
  44. package/dist/esm/core/types.js +2 -0
  45. package/dist/esm/core/types.js.map +1 -0
  46. package/dist/esm/core/types.test.d.ts +9 -0
  47. package/dist/esm/core/types.test.js +324 -0
  48. package/dist/esm/core/types.test.js.map +1 -0
  49. package/{src/index.ts → dist/esm/index.d.ts} +0 -3
  50. package/dist/esm/index.js +7 -0
  51. package/dist/esm/index.js.map +1 -0
  52. package/dist/esm/index.test.d.ts +1 -0
  53. package/dist/esm/index.test.js +29 -0
  54. package/dist/esm/index.test.js.map +1 -0
  55. package/package.json +45 -47
  56. package/.c8rc.json +0 -11
  57. package/.editorconfig +0 -11
  58. package/.github/PULL_REQUEST_TEMPLATE.md +0 -41
  59. package/.github/copilot-instructions.md +0 -117
  60. package/.github/workflows/ci.yml +0 -25
  61. package/.husky/pre-commit +0 -1
  62. package/.lintstagedrc.json +0 -4
  63. package/.tool-versions +0 -1
  64. package/CODEOWNERS +0 -8
  65. package/CODE_OF_CONDUCT.md +0 -111
  66. package/CONTRIBUTING.md +0 -123
  67. package/SECURITY.md +0 -8
  68. package/docs/examples/logging-integration.md +0 -736
  69. package/eslint.config.mjs +0 -108
  70. package/prettier.config.mjs +0 -10
  71. package/scripts/test-setup.mjs +0 -24
  72. package/src/adapters/logging/generic.test.ts +0 -531
  73. package/src/core/patterns.ts +0 -22
  74. package/src/core/scrubber.test.ts +0 -465
  75. package/src/core/scrubber.ts +0 -284
  76. package/src/core/types.test.ts +0 -516
  77. package/src/core/types.ts +0 -176
  78. package/src/index.test.ts +0 -41
  79. package/tsconfig.cjs.json +0 -12
  80. package/tsconfig.esm.json +0 -12
  81. package/tsconfig.json +0 -32
  82. package/tsconfig.test.json +0 -9
package/{src/core/presets.ts → dist/esm/core/presets.js} RENAMED
@@ -15,51 +15,42 @@
15
15
  * ```
16
16
  */
17
17
  export const HEROKU_FIELDS = [
18
- // Authentication & Sessions
19
- 'access_token',
20
- /api[-_]?key/i, // Matches api_key, api-key, apikey (case insensitive)
21
- 'authenticity_token',
22
- 'heroku_oauth_token',
23
- 'heroku_session_nonce',
24
- 'heroku_user_session',
25
- 'oauth_token',
26
- 'sudo_oauth_token',
27
- 'super_user_session_secret',
28
- 'user_session_secret',
29
- 'postgres_session_nonce',
30
-
31
- // Passwords & Secrets
32
- 'password',
33
- 'passwd',
34
- 'old_secret',
35
- 'secret',
36
- 'secret_token',
37
- 'confirm_password',
38
- 'password_confirmation',
39
- /client[-_]?secret/i, // Matches client_secret, client-secret, clientsecret
40
-
41
- // Tokens & Codes
42
- 'token',
43
- 'code',
44
- 'state',
45
- 'bouncer.token',
46
- 'bouncer.refresh_token',
47
-
48
- // Headers (case-insensitive)
49
- /authorization/i,
50
- /cookie/i,
51
- /x-refresh-token/i,
52
-
53
- // SSO & Sessions
54
- 'www-sso-session',
55
-
56
- // Payment
57
- 'payment_method',
58
-
59
- // Infrastructure
60
- 'logplexUrl',
18
+ // Authentication & Sessions
19
+ 'access_token',
20
+ /api[-_]?key/i, // Matches api_key, api-key, apikey (case insensitive)
21
+ 'authenticity_token',
22
+ 'heroku_oauth_token',
23
+ 'heroku_session_nonce',
24
+ 'heroku_user_session',
25
+ 'oauth_token',
26
+ 'sudo_oauth_token',
27
+ 'super_user_session_secret',
28
+ 'user_session_secret',
29
+ 'postgres_session_nonce',
30
+ // Passwords & Secrets
31
+ 'password',
32
+ 'passwd',
33
+ 'old_secret',
34
+ 'secret',
35
+ 'secret_token',
36
+ 'confirm_password',
37
+ 'password_confirmation',
38
+ /client[-_]?secret/i, // Matches client_secret, client-secret, clientsecret
39
+ // Tokens
40
+ 'token',
41
+ 'bouncer.token',
42
+ 'bouncer.refresh_token',
43
+ // Headers (case-insensitive)
44
+ /authorization/i,
45
+ /cookie/i,
46
+ /x-refresh-token/i,
47
+ // SSO & Sessions
48
+ 'www-sso-session',
49
+ // Payment
50
+ 'payment_method',
51
+ // Infrastructure
52
+ 'logplexUrl',
61
53
  ];
62
-
63
54
  /**
64
55
  * GDPR-relevant PII field patterns
65
56
  *
@@ -82,14 +73,13 @@ export const HEROKU_FIELDS = [
82
73
  * ```
83
74
  */
84
75
  export const GDPR_FIELDS = [
85
- 'email',
86
- 'phone',
87
- 'address',
88
- 'postal_code',
89
- 'ssn',
90
- 'tax_id',
76
+ 'email',
77
+ 'phone',
78
+ 'address',
79
+ 'postal_code',
80
+ 'ssn',
81
+ 'tax_id',
91
82
  ];
92
-
93
83
  /**
94
84
  * PCI-DSS relevant field patterns
95
85
  *
@@ -115,8 +105,9 @@ export const GDPR_FIELDS = [
115
105
  * ```
116
106
  */
117
107
  export const PCI_FIELDS = [
118
- 'card_number',
119
- 'cvv',
120
- 'credit_card',
121
- 'payment_method',
108
+ 'card_number',
109
+ 'cvv',
110
+ 'credit_card',
111
+ 'payment_method',
122
112
  ];
113
+ //# sourceMappingURL=presets.js.map
package/dist/esm/core/presets.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"presets.js","sourceRoot":"","sources":["../../../src/core/presets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,4BAA4B;IAC5B,cAAc;IACd,cAAc,EAAE,sDAAsD;IACtE,oBAAoB;IACpB,oBAAoB;IACpB,sBAAsB;IACtB,qBAAqB;IACrB,aAAa;IACb,kBAAkB;IAClB,2BAA2B;IAC3B,qBAAqB;IACrB,wBAAwB;IAExB,sBAAsB;IACtB,UAAU;IACV,QAAQ;IACR,YAAY;IACZ,QAAQ;IACR,cAAc;IACd,kBAAkB;IAClB,uBAAuB;IACvB,oBAAoB,EAAE,qDAAqD;IAE3E,SAAS;IACT,OAAO;IACP,eAAe;IACf,uBAAuB;IAEvB,6BAA6B;IAC7B,gBAAgB;IAChB,SAAS;IACT,kBAAkB;IAElB,iBAAiB;IACjB,iBAAiB;IAEjB,UAAU;IACV,gBAAgB;IAEhB,iBAAiB;IACjB,YAAY;CACb,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,OAAO;IACP,OAAO;IACP,SAAS;IACT,aAAa;IACb,KAAK;IACL,QAAQ;CACT,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,aAAa;IACb,KAAK;IACL,aAAa;IACb,gBAAgB;CACjB,CAAC"}
package/dist/esm/core/scrubber.d.ts ADDED
@@ -0,0 +1,131 @@
1
+ import { ScrubConfig, ScrubResult } from './types.js';
2
+ /**
3
+ * Core Scrubber - Deep object traversal with PII scrubbing
4
+ *
5
+ * A high-performance, immutable scrubbing engine that removes sensitive data from structured objects.
6
+ * Supports three scrubbing modes:
7
+ * - **Field-based**: Scrubs values based on field names (e.g., 'password', 'apiToken')
8
+ * - **Path-based**: Scrubs values at specific paths (e.g., 'user.email', 'request.headers.authorization')
9
+ * - **Pattern-based**: Scrubs content matching regex patterns (e.g., SSN, credit cards)
10
+ *
11
+ * ### Design Principles
12
+ * - **Immutable**: All operations create new objects, never mutate inputs
13
+ * - **Type-safe**: Preserves TypeScript types through generic constraints
14
+ * - **Circular-safe**: Handles circular references without crashing
15
+ * - **Performance**: <1ms p95 for logging, <10ms p95 for exception handling (544k+ ops/sec)
16
+ *
17
+ * ### Pattern Adoption
18
+ * Patterns adopted from `@heroku/oauth-provider-adapters-for-mcp/src/logging/redaction.ts`:
19
+ * - Deep recursive traversal with circular reference detection
20
+ * - Immutable cloning strategy with fallback for complex objects
21
+ * - Nested path resolution (e.g., 'user.profile.email')
22
+ * - General array path handling (e.g., 'users[0].password')
23
+ * - Type-safe generics preserving input types
24
+ *
25
+ * Enhanced with:
26
+ * - Field-based matching supporting both strings and regular expressions
27
+ * - Pattern-based content scrubbing for SSN, credit cards, etc.
28
+ * - Dual scrubbing: both field/path matching AND content pattern replacement
29
+ *
30
+ * @example Basic Usage
31
+ * ```typescript
32
+ * const scrubber = new Scrubber({
33
+ * fields: ['password', 'apiToken'],
34
+ * replacement: '[REDACTED]'
35
+ * });
36
+ *
37
+ * const result = scrubber.scrub({
38
+ * user: { name: 'John', password: 'secret123' }
39
+ * });
40
+ * // Result: { user: { name: 'John', password: '[REDACTED]' } }
41
+ * ```
42
+ *
43
+ * @example Advanced Usage with All Modes
44
+ * ```typescript
45
+ * const scrubber = new Scrubber({
46
+ * fields: ['password', /api[-_]?key/i], // Regex matches api_key, api-key, apikey
47
+ * paths: ['user.email', 'request.headers.authorization'],
48
+ * patterns: [/\b\d{3}-\d{2}-\d{4}\b/g], // SSN pattern
49
+ * replacement: '[SCRUBBED]'
50
+ * });
51
+ *
52
+ * const result = scrubber.scrub({
53
+ * user: { name: 'John', email: 'john@example.com', password: 'secret' },
54
+ * request: { headers: { authorization: 'Bearer token123' } },
55
+ * message: 'User SSN is 123-45-6789'
56
+ * });
57
+ * ```
58
+ */
59
+ export declare class Scrubber {
60
+ private config;
61
+ private circularRefs;
62
+ private pathSet;
63
+ /**
64
+ * Creates a new Scrubber instance with the specified configuration
65
+ *
66
+ * @param config - Scrubbing configuration
67
+ * @param config.fields - Field names to scrub (strings or regex patterns)
68
+ * @param config.paths - Dot-notation paths to scrub (e.g., 'user.email', 'items[0].password')
69
+ * @param config.patterns - Regex patterns for content scrubbing (must include global flag for multiple matches)
70
+ * @param config.replacement - Replacement string for scrubbed values (default: '[SCRUBBED]')
71
+ * @param config.recursive - Whether to recursively scrub nested objects (default: true)
72
+ *
73
+ * @example
74
+ * ```typescript
75
+ * const scrubber = new Scrubber({
76
+ * fields: ['password', /api[-_]?key/i],
77
+ * paths: ['user.email'],
78
+ * patterns: [/\b\d{3}-\d{2}-\d{4}\b/g],
79
+ * replacement: '[REDACTED]'
80
+ * });
81
+ * ```
82
+ */
83
+ constructor(config: ScrubConfig);
84
+ /**
85
+ * Scrubs sensitive data from an object
86
+ *
87
+ * This is the main entry point for the scrubbing engine. It performs three types of scrubbing:
88
+ * 1. **Field-based**: Replaces values of fields matching configured field names/patterns
89
+ * 2. **Path-based**: Replaces values at specific dot-notation paths
90
+ * 3. **Pattern-based**: Replaces content within string values matching regex patterns
91
+ *
92
+ * The operation is immutable - the input object is not modified. A deep clone is created
93
+ * and scrubbed values are replaced in the clone.
94
+ *
95
+ * ### Performance Characteristics
96
+ * - Small objects (typical logs): ~0.003ms p95
97
+ * - Medium objects (typical errors): ~0.034ms p95
98
+ * - Large objects (10KB+): ~1.2ms p95
99
+ * - Throughput: 54,000+ events/sec
100
+ *
101
+ * @template T - The type of the input object (preserved in output)
102
+ * @param obj - The object to scrub
103
+ * @returns A result object containing the scrubbed data, whether scrubbing occurred, and which paths were scrubbed
104
+ *
105
+ * @example Basic scrubbing
106
+ * ```typescript
107
+ * const scrubber = new Scrubber({ fields: ['password'] });
108
+ * const result = scrubber.scrub({ user: 'john', password: 'secret' });
109
+ * // result.data === { user: 'john', password: '[SCRUBBED]' }
110
+ * // result.scrubbed === true
111
+ * // result.scrubbedPaths === ['password']
112
+ * ```
113
+ *
114
+ * @example Type preservation
115
+ * ```typescript
116
+ * interface User { name: string; email: string; password: string; }
117
+ * const scrubber = new Scrubber({ fields: ['password', 'email'] });
118
+ * const user: User = { name: 'John', email: 'john@example.com', password: 'secret' };
119
+ * const result = scrubber.scrub(user);
120
+ * // result.data is still typed as User
121
+ * ```
122
+ */
123
+ scrub<T>(obj: T): ScrubResult<T>;
124
+ private scrubObject;
125
+ private scrubValue;
126
+ /**
127
+ * Check if a field name matches any configured sensitive field patterns
128
+ */
129
+ private isSensitiveField;
130
+ private deepClone;
131
+ }
package/dist/esm/core/scrubber.js ADDED
@@ -0,0 +1,256 @@
1
+ /**
2
+ * Core Scrubber - Deep object traversal with PII scrubbing
3
+ *
4
+ * A high-performance, immutable scrubbing engine that removes sensitive data from structured objects.
5
+ * Supports three scrubbing modes:
6
+ * - **Field-based**: Scrubs values based on field names (e.g., 'password', 'apiToken')
7
+ * - **Path-based**: Scrubs values at specific paths (e.g., 'user.email', 'request.headers.authorization')
8
+ * - **Pattern-based**: Scrubs content matching regex patterns (e.g., SSN, credit cards)
9
+ *
10
+ * ### Design Principles
11
+ * - **Immutable**: All operations create new objects, never mutate inputs
12
+ * - **Type-safe**: Preserves TypeScript types through generic constraints
13
+ * - **Circular-safe**: Handles circular references without crashing
14
+ * - **Performance**: <1ms p95 for logging, <10ms p95 for exception handling (544k+ ops/sec)
15
+ *
16
+ * ### Pattern Adoption
17
+ * Patterns adopted from `@heroku/oauth-provider-adapters-for-mcp/src/logging/redaction.ts`:
18
+ * - Deep recursive traversal with circular reference detection
19
+ * - Immutable cloning strategy with fallback for complex objects
20
+ * - Nested path resolution (e.g., 'user.profile.email')
21
+ * - General array path handling (e.g., 'users[0].password')
22
+ * - Type-safe generics preserving input types
23
+ *
24
+ * Enhanced with:
25
+ * - Field-based matching supporting both strings and regular expressions
26
+ * - Pattern-based content scrubbing for SSN, credit cards, etc.
27
+ * - Dual scrubbing: both field/path matching AND content pattern replacement
28
+ *
29
+ * @example Basic Usage
30
+ * ```typescript
31
+ * const scrubber = new Scrubber({
32
+ * fields: ['password', 'apiToken'],
33
+ * replacement: '[REDACTED]'
34
+ * });
35
+ *
36
+ * const result = scrubber.scrub({
37
+ * user: { name: 'John', password: 'secret123' }
38
+ * });
39
+ * // Result: { user: { name: 'John', password: '[REDACTED]' } }
40
+ * ```
41
+ *
42
+ * @example Advanced Usage with All Modes
43
+ * ```typescript
44
+ * const scrubber = new Scrubber({
45
+ * fields: ['password', /api[-_]?key/i], // Regex matches api_key, api-key, apikey
46
+ * paths: ['user.email', 'request.headers.authorization'],
47
+ * patterns: [/\b\d{3}-\d{2}-\d{4}\b/g], // SSN pattern
48
+ * replacement: '[SCRUBBED]'
49
+ * });
50
+ *
51
+ * const result = scrubber.scrub({
52
+ * user: { name: 'John', email: 'john@example.com', password: 'secret' },
53
+ * request: { headers: { authorization: 'Bearer token123' } },
54
+ * message: 'User SSN is 123-45-6789'
55
+ * });
56
+ * ```
57
+ */
58
+ export class Scrubber {
59
+ config;
60
+ circularRefs = new WeakSet();
61
+ pathSet;
62
+ /**
63
+ * Creates a new Scrubber instance with the specified configuration
64
+ *
65
+ * @param config - Scrubbing configuration
66
+ * @param config.fields - Field names to scrub (strings or regex patterns)
67
+ * @param config.paths - Dot-notation paths to scrub (e.g., 'user.email', 'items[0].password')
68
+ * @param config.patterns - Regex patterns for content scrubbing (must include global flag for multiple matches)
69
+ * @param config.replacement - Replacement string for scrubbed values (default: '[SCRUBBED]')
70
+ * @param config.recursive - Whether to recursively scrub nested objects (default: true)
71
+ *
72
+ * @example
73
+ * ```typescript
74
+ * const scrubber = new Scrubber({
75
+ * fields: ['password', /api[-_]?key/i],
76
+ * paths: ['user.email'],
77
+ * patterns: [/\b\d{3}-\d{2}-\d{4}\b/g],
78
+ * replacement: '[REDACTED]'
79
+ * });
80
+ * ```
81
+ */
82
+ constructor(config) {
83
+ this.config = {
84
+ fields: config.fields || [],
85
+ paths: config.paths || [],
86
+ patterns: config.patterns || [],
87
+ replacement: config.replacement || '[SCRUBBED]',
88
+ recursive: config.recursive !== undefined ? config.recursive : true,
89
+ };
90
+ // Pre-compute path set for O(1) lookups
91
+ this.pathSet = new Set(this.config.paths);
92
+ }
93
+ /**
94
+ * Scrubs sensitive data from an object
95
+ *
96
+ * This is the main entry point for the scrubbing engine. It performs three types of scrubbing:
97
+ * 1. **Field-based**: Replaces values of fields matching configured field names/patterns
98
+ * 2. **Path-based**: Replaces values at specific dot-notation paths
99
+ * 3. **Pattern-based**: Replaces content within string values matching regex patterns
100
+ *
101
+ * The operation is immutable - the input object is not modified. A deep clone is created
102
+ * and scrubbed values are replaced in the clone.
103
+ *
104
+ * ### Performance Characteristics
105
+ * - Small objects (typical logs): ~0.003ms p95
106
+ * - Medium objects (typical errors): ~0.034ms p95
107
+ * - Large objects (10KB+): ~1.2ms p95
108
+ * - Throughput: 54,000+ events/sec
109
+ *
110
+ * @template T - The type of the input object (preserved in output)
111
+ * @param obj - The object to scrub
112
+ * @returns A result object containing the scrubbed data, whether scrubbing occurred, and which paths were scrubbed
113
+ *
114
+ * @example Basic scrubbing
115
+ * ```typescript
116
+ * const scrubber = new Scrubber({ fields: ['password'] });
117
+ * const result = scrubber.scrub({ user: 'john', password: 'secret' });
118
+ * // result.data === { user: 'john', password: '[SCRUBBED]' }
119
+ * // result.scrubbed === true
120
+ * // result.scrubbedPaths === ['password']
121
+ * ```
122
+ *
123
+ * @example Type preservation
124
+ * ```typescript
125
+ * interface User { name: string; email: string; password: string; }
126
+ * const scrubber = new Scrubber({ fields: ['password', 'email'] });
127
+ * const user: User = { name: 'John', email: 'john@example.com', password: 'secret' };
128
+ * const result = scrubber.scrub(user);
129
+ * // result.data is still typed as User
130
+ * ```
131
+ */
132
+ scrub(obj) {
133
+ const scrubbedPaths = [];
134
+ const cloned = this.deepClone(obj);
135
+ // Reset circular refs tracker for each scrub operation
136
+ this.circularRefs = new WeakSet();
137
+ const scrubbed = this.scrubObject(cloned, '', scrubbedPaths);
138
+ return {
139
+ data: scrubbed,
140
+ scrubbed: scrubbedPaths.length > 0,
141
+ scrubbedPaths,
142
+ };
143
+ }
144
+ scrubObject(obj, path, paths) {
145
+ // Handle circular references
146
+ if (obj && typeof obj === 'object') {
147
+ if (this.circularRefs.has(obj)) {
148
+ return '[Circular Reference]';
149
+ }
150
+ this.circularRefs.add(obj);
151
+ }
152
+ // Handle primitives
153
+ if (obj === null || typeof obj !== 'object') {
154
+ return this.scrubValue(obj, path, paths);
155
+ }
156
+ // Handle arrays
157
+ if (Array.isArray(obj)) {
158
+ return obj.map((item, index) => {
159
+ const indexStr = index.toString();
160
+ const arrayPath = path ? `${path}[${index}]` : indexStr;
161
+ // Check if this specific array index path should be scrubbed
162
+ if (this.pathSet.has(indexStr) || this.pathSet.has(arrayPath)) {
163
+ paths.push(arrayPath);
164
+ return this.config.replacement;
165
+ }
166
+ // Recursively scrub array items
167
+ return this.scrubObject(item, arrayPath, paths);
168
+ });
169
+ }
170
+ // Handle objects - create new object (immutable approach)
171
+ const result = {};
172
+ for (const [key, value] of Object.entries(obj)) {
173
+ const keyPath = path ? `${path}.${key}` : key;
174
+ // Check if this specific path should be scrubbed
175
+ if (this.pathSet.has(key) || this.pathSet.has(keyPath)) {
176
+ result[key] = this.config.replacement;
177
+ paths.push(keyPath);
178
+ continue;
179
+ }
180
+ // Check if key matches sensitive field pattern
181
+ if (this.isSensitiveField(key)) {
182
+ result[key] = this.config.replacement;
183
+ paths.push(keyPath);
184
+ continue;
185
+ }
186
+ // Recursively scrub value
187
+ result[key] = this.config.recursive
188
+ ? this.scrubObject(value, keyPath, paths)
189
+ : this.scrubValue(value, keyPath, paths);
190
+ }
191
+ return result;
192
+ }
193
+ scrubValue(value, path, paths) {
194
+ if (typeof value !== 'string') {
195
+ return value;
196
+ }
197
+ let scrubbed = value;
198
+ let didScrub = false;
199
+ // Check against patterns (SSN, credit cards, etc.)
200
+ for (const pattern of this.config.patterns) {
201
+ if (pattern.test(scrubbed)) {
202
+ scrubbed = scrubbed.replace(pattern, this.config.replacement);
203
+ didScrub = true;
204
+ }
205
+ }
206
+ if (didScrub) {
207
+ paths.push(path);
208
+ }
209
+ return scrubbed;
210
+ }
211
+ /**
212
+ * Check if a field name matches any configured sensitive field patterns
213
+ */
214
+ isSensitiveField(key) {
215
+ return this.config.fields.some((field) => {
216
+ if (field instanceof RegExp) {
217
+ return field.test(key);
218
+ }
219
+ return key.toLowerCase().includes(field.toLowerCase());
220
+ });
221
+ }
222
+ deepClone(obj) {
223
+ try {
224
+ // Fast path for JSON-serializable objects
225
+ return JSON.parse(JSON.stringify(obj));
226
+ }
227
+ catch {
228
+ // Fallback for objects with circular references
229
+ const seen = new WeakMap();
230
+ function clone(value) {
231
+ if (value === null || typeof value !== 'object') {
232
+ return value;
233
+ }
234
+ if (seen.has(value)) {
235
+ return seen.get(value);
236
+ }
237
+ if (Array.isArray(value)) {
238
+ const arr = [];
239
+ seen.set(value, arr);
240
+ value.forEach((item, i) => {
241
+ arr[i] = clone(item);
242
+ });
243
+ return arr;
244
+ }
245
+ const obj = {};
246
+ seen.set(value, obj);
247
+ Object.keys(value).forEach((key) => {
248
+ obj[key] = clone(value[key]);
249
+ });
250
+ return obj;
251
+ }
252
+ return clone(obj);
253
+ }
254
+ }
255
+ }
256
+ //# sourceMappingURL=scrubber.js.map
package/dist/esm/core/scrubber.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scrubber.js","sourceRoot":"","sources":["../../../src/core/scrubber.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwDG;AACH,MAAM,OAAO,QAAQ;IACX,MAAM,CAAwB;IAC9B,YAAY,GAAG,IAAI,OAAO,EAAE,CAAC;IAC7B,OAAO,CAAc;IAE7B;;;;;;;;;;;;;;;;;;;OAmBG;IACH,YAAY,MAAmB;QAC7B,IAAI,CAAC,MAAM,GAAG;YACZ,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;YAC3B,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC/B,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,YAAY;YAC/C,SAAS,EAAE,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;SACpE,CAAC;QAEF,wCAAwC;QACxC,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5C,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACH,KAAK,CAAI,GAAM;QACb,MAAM,aAAa,GAAa,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAEnC,uDAAuD;QACvD,IAAI,CAAC,YAAY,GAAG,IAAI,OAAO,EAAE,CAAC;QAElC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC;QAE7D,OAAO;YACL,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC;YAClC,aAAa;SACd,CAAC;IACJ,CAAC;IAEO,WAAW,CAAC,GAAQ,EAAE,IAAY,EAAE,KAAe;QACzD,6BAA6B;QAC7B,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC;QAED,oBAAoB;QACpB,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAC3C,CAAC;QAED,gBAAgB;QAChB,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;gBAClC,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;gBAExD,6DAA6D;gBAC7D,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC9D,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBACtB,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;gBACjC,CAAC;gBAED,gCAAgC;gBAChC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;YAClD,CAAC,CAAC,CAAC;QACL,CAAC;QAED,0DAA0D;QAC1D,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;YAE9C,iDAAiD;YACjD,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvD,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;gBACtC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACpB,SAAS;YACX,CAAC;YAED,+CAA+C;YAC/C,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;gBACtC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACpB,SAAS;YACX,CAAC;YAED,0BAA0B;YAC1B,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS;gBACjC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC;gBACzC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QAC7C,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,UAAU,CAAC,KAAU,EAAE,IAAY,EAAE,KAAe;QAC1D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,mDAAmD;QACnD,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC3C,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3B,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;gBAC9D,QAAQ,GAAG,IAAI,CAAC;YAClB,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnB,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,GAAW;QAClC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;YACvC,IAAI,KAAK,YAAY,MAAM,EAAE,CAAC;gBAC5B,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;YACD,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,SAAS,CAAI,GAAM;QACzB,IAAI,CAAC;YACH,0CAA0C;YAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;YAChD,MAAM,IAAI,GAAG,IAAI,OAAO,EAAE,CAAC;YAE3B,SAAS,KAAK,CAAC,KAAU;gBACvB,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAChD,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;oBACpB,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;gBACzB,CAAC;gBAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBACzB,MAAM,GAAG,GAAU,EAAE,CAAC;oBACtB,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBACrB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;wBACxB,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;oBACvB,CAAC,CAAC,CAAC;oBACH,OAAO,GAAG,CAAC;gBACb,CAAC;gBAED,MAAM,GAAG,GAAQ,EAAE,CAAC;gBACpB,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBACrB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;oBACjC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC/B,CAAC,CAAC,CAAC;gBACH,OAAO,GAAG,CAAC;YACb,CAAC;YAED,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;CACF"}
package/dist/esm/core/scrubber.test.d.ts ADDED
@@ -0,0 +1 @@
1
+ export {};