@mhosaic/feedback 0.13.0 → 0.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-64HXWJCH.mjs → chunk-67JM6XVT.mjs} +78 -197
- package/dist/chunk-67JM6XVT.mjs.map +1 -0
- package/dist/{chunk-DKE6ELJ4.mjs → chunk-FGA63IEZ.mjs} +16 -4
- package/dist/chunk-FGA63IEZ.mjs.map +1 -0
- package/dist/embed.min.js +4 -38
- package/dist/embed.min.js.map +1 -1
- package/dist/error-tracking.d.ts +19 -0
- package/dist/error-tracking.mjs +35 -4
- package/dist/error-tracking.mjs.map +1 -1
- package/dist/index.mjs +2 -2
- package/dist/react.mjs +2 -2
- package/dist/webvitals.mjs +1 -1
- package/package.json +1 -1
- package/dist/chunk-64HXWJCH.mjs.map +0 -1
- package/dist/chunk-DKE6ELJ4.mjs.map +0 -1
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
// src/capture/scrub.ts
|
|
2
2
|
var SENSITIVE_TOKEN_PATTERNS = [
|
|
3
|
-
// Mhosaic feedback keys.
|
|
4
|
-
|
|
3
|
+
// Mhosaic feedback keys. Match ANY tail length — a backend error echo can
|
|
4
|
+
// truncate the suffix (e.g. `sk_proj_***abc`) and the redaction must still
|
|
5
|
+
// catch the prefix.
|
|
6
|
+
/\b(?:sk|pk)_proj_[A-Za-z0-9_*-]+/g,
|
|
5
7
|
// JWT shape (header.payload.signature).
|
|
6
8
|
/\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g,
|
|
7
9
|
// "Bearer <token>" and "Authorization: …" headers.
|
|
@@ -14,7 +16,17 @@ var SENSITIVE_TOKEN_PATTERNS = [
|
|
|
14
16
|
// AWS access key id.
|
|
15
17
|
/\bAKIA[0-9A-Z]{12,}\b/g,
|
|
16
18
|
// Slack tokens.
|
|
17
|
-
/\bxox[abprso]-[A-Za-z0-9-]{12,}\b/g
|
|
19
|
+
/\bxox[abprso]-[A-Za-z0-9-]{12,}\b/g,
|
|
20
|
+
// Google API keys (Maps, GCP, Firebase, etc.).
|
|
21
|
+
/\bAIza[0-9A-Za-z_-]{35}\b/g,
|
|
22
|
+
// OpenAI API keys (legacy, project-scoped, service-account).
|
|
23
|
+
/\bsk-(?:proj-|svcacct-)?[A-Za-z0-9_-]{20,}\b/g,
|
|
24
|
+
// Anthropic API keys.
|
|
25
|
+
/\bsk-ant-(?:api03-)?[A-Za-z0-9_-]{40,}\b/g,
|
|
26
|
+
// Twilio account / API SIDs (paired secret would also be redacted by the
|
|
27
|
+
// Stripe-shape regex if it's prefixed sk_).
|
|
28
|
+
/\bAC[a-f0-9]{32}\b/g,
|
|
29
|
+
/\bSK[a-f0-9]{32}\b/g
|
|
18
30
|
];
|
|
19
31
|
function scrubCredentials(text) {
|
|
20
32
|
let out = text;
|
|
@@ -27,4 +39,4 @@ function scrubCredentials(text) {
|
|
|
27
39
|
export {
|
|
28
40
|
scrubCredentials
|
|
29
41
|
};
|
|
30
|
-
//# sourceMappingURL=chunk-
|
|
42
|
+
//# sourceMappingURL=chunk-FGA63IEZ.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/capture/scrub.ts"],"sourcesContent":["/**\n * Shared credential-shaped-string scrubber.\n *\n * Used by every capture module (console, error, performance, network) so a\n * single regression in any one path can't leak credentials a sibling path\n * already cleans. Patterns mirror the ones in the URL sanitizer's\n * value-shape detector — keep them in sync.\n */\n\nexport const SENSITIVE_TOKEN_PATTERNS: RegExp[] = [\n // Mhosaic feedback keys. Match ANY tail length — a backend error echo can\n // truncate the suffix (e.g. `sk_proj_***abc`) and the redaction must still\n // catch the prefix.\n /\\b(?:sk|pk)_proj_[A-Za-z0-9_*-]+/g,\n // JWT shape (header.payload.signature).\n /\\beyJ[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\b/g,\n // \"Bearer <token>\" and \"Authorization: …\" headers.\n /\\bBearer\\s+[A-Za-z0-9._~+/=-]{16,}\\b/g,\n /\\bAuthorization\\s*[:=]\\s*[\"']?[A-Za-z0-9._~+/=-]{16,}[\"']?/gi,\n // GitHub PATs.\n /\\bgh[pousr]_[A-Za-z0-9]{30,}\\b/g,\n // Stripe live/test secret keys + webhook secrets.\n /\\b(?:sk|pk|rk|whsec)_(?:live|test)_[A-Za-z0-9]{16,}\\b/g,\n // AWS access key id.\n /\\bAKIA[0-9A-Z]{12,}\\b/g,\n // Slack tokens.\n /\\bxox[abprso]-[A-Za-z0-9-]{12,}\\b/g,\n // Google API keys (Maps, GCP, Firebase, etc.).\n /\\bAIza[0-9A-Za-z_-]{35}\\b/g,\n // OpenAI API keys (legacy, project-scoped, service-account).\n /\\bsk-(?:proj-|svcacct-)?[A-Za-z0-9_-]{20,}\\b/g,\n // Anthropic API keys.\n /\\bsk-ant-(?:api03-)?[A-Za-z0-9_-]{40,}\\b/g,\n // Twilio account / API SIDs (paired secret would also be redacted by the\n // Stripe-shape regex if it's prefixed sk_).\n /\\bAC[a-f0-9]{32}\\b/g,\n /\\bSK[a-f0-9]{32}\\b/g,\n]\n\nexport function scrubCredentials(text: string): string {\n let out = text\n for (const re of SENSITIVE_TOKEN_PATTERNS) {\n out = out.replace(re, '[redacted-token]')\n }\n return out\n}\n"],"mappings":";AASO,IAAM,2BAAqC;AAAA;AAAA;AAAA;AAAA,EAIhD;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA,EACA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA;AAAA,EAGA;AAAA,EACA;AACF;AAEO,SAAS,iBAAiB,MAAsB;AACrD,MAAI,MAAM;AACV,aAAW,MAAM,0BAA0B;AACzC,UAAM,IAAI,QAAQ,IAAI,kBAAkB;AAAA,EAC1C;AACA,SAAO;AACT;","names":[]}
|