@lavarage/telemetry 1.2.1 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +32 -15
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -43,6 +43,19 @@ class LavarageTelemetry {
|
|
|
43
43
|
}
|
|
44
44
|
try {
|
|
45
45
|
const win = window;
|
|
46
|
+
// Check for Solana wallets FIRST (since they're more specific and users might have both)
|
|
47
|
+
if (win.solana) {
|
|
48
|
+
// Phantom
|
|
49
|
+
if (win.solana.isPhantom) {
|
|
50
|
+
return 'Phantom';
|
|
51
|
+
}
|
|
52
|
+
// Solflare
|
|
53
|
+
if (win.solana.isSolflare) {
|
|
54
|
+
return 'Solflare';
|
|
55
|
+
}
|
|
56
|
+
// Generic Solana
|
|
57
|
+
return 'Solana';
|
|
58
|
+
}
|
|
46
59
|
// Check for Ethereum wallets
|
|
47
60
|
if (win.ethereum) {
|
|
48
61
|
// MetaMask
|
|
@@ -80,19 +93,6 @@ class LavarageTelemetry {
|
|
|
80
93
|
// Default to generic Ethereum
|
|
81
94
|
return 'Ethereum';
|
|
82
95
|
}
|
|
83
|
-
// Check for Solana wallets
|
|
84
|
-
if (win.solana) {
|
|
85
|
-
// Phantom
|
|
86
|
-
if (win.solana.isPhantom) {
|
|
87
|
-
return 'Phantom';
|
|
88
|
-
}
|
|
89
|
-
// Solflare
|
|
90
|
-
if (win.solana.isSolflare) {
|
|
91
|
-
return 'Solflare';
|
|
92
|
-
}
|
|
93
|
-
// Generic Solana
|
|
94
|
-
return 'Solana';
|
|
95
|
-
}
|
|
96
96
|
// Check for other wallet providers
|
|
97
97
|
if (win.web3) {
|
|
98
98
|
return 'Web3';
|
|
@@ -271,10 +271,27 @@ class LavarageTelemetry {
|
|
|
271
271
|
}
|
|
272
272
|
if (typeof data === 'object') {
|
|
273
273
|
const sanitized = {};
|
|
274
|
-
|
|
274
|
+
// Exact matches for sensitive keys
|
|
275
|
+
const exactSensitiveKeys = ['privateKey', 'mnemonic', 'password', 'secret', 'apiKey', 'authorization'];
|
|
276
|
+
// Patterns that indicate sensitive tokens (but not identifiers like baseToken, quoteToken)
|
|
277
|
+
const sensitiveTokenPatterns = [
|
|
278
|
+
/^access[_-]?token$/i,
|
|
279
|
+
/^auth[_-]?token$/i,
|
|
280
|
+
/^api[_-]?token$/i,
|
|
281
|
+
/^bearer[_-]?token$/i,
|
|
282
|
+
/^refresh[_-]?token$/i,
|
|
283
|
+
/^session[_-]?token$/i,
|
|
284
|
+
/^token$/i, // Only exact match for "token"
|
|
285
|
+
];
|
|
275
286
|
for (const [key, value] of Object.entries(data)) {
|
|
276
287
|
const lowerKey = key.toLowerCase();
|
|
277
|
-
|
|
288
|
+
// Check for exact matches first
|
|
289
|
+
const isExactMatch = exactSensitiveKeys.some(sk => lowerKey === sk.toLowerCase());
|
|
290
|
+
// Check for sensitive token patterns (but exclude common non-sensitive patterns)
|
|
291
|
+
const isSensitiveToken = sensitiveTokenPatterns.some(pattern => pattern.test(key));
|
|
292
|
+
// Exclude common non-sensitive patterns that contain "token"
|
|
293
|
+
const isNonSensitiveToken = /^(base|quote|tokenId|tokenAddress|tokenSymbol|tokenName|tokenUri|tokenType|tokenContract|tokenDecimals)/i.test(key);
|
|
294
|
+
const isSensitive = isExactMatch || (isSensitiveToken && !isNonSensitiveToken);
|
|
278
295
|
if (isSensitive) {
|
|
279
296
|
sanitized[key] = '[REDACTED]';
|
|
280
297
|
}
|