npm - @tracelog/lib - Versions diffs - 0.9.0 → 0.10.0 - Mend

@tracelog/lib 0.9.0 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/README.md +46 -0
package/dist/browser/tracelog.esm.js +671 -640
package/dist/browser/tracelog.esm.js.map +1 -1
package/dist/browser/tracelog.js +2 -2
package/dist/browser/tracelog.js.map +1 -1
package/dist/cjs/constants/config.constants.d.ts +1 -0
package/dist/cjs/constants/config.constants.d.ts.map +1 -1
package/dist/cjs/constants/config.constants.js +19 -2
package/dist/cjs/constants/config.constants.js.map +1 -1
package/dist/cjs/handlers/click.handler.d.ts +2 -0
package/dist/cjs/handlers/click.handler.d.ts.map +1 -1
package/dist/cjs/handlers/click.handler.js +27 -5
package/dist/cjs/handlers/click.handler.js.map +1 -1
package/dist/cjs/utils/network/url.utils.d.ts +2 -1
package/dist/cjs/utils/network/url.utils.d.ts.map +1 -1
package/dist/cjs/utils/network/url.utils.js +6 -2
package/dist/cjs/utils/network/url.utils.js.map +1 -1
package/dist/esm/constants/config.constants.d.ts +1 -0
package/dist/esm/constants/config.constants.d.ts.map +1 -1
package/dist/esm/constants/config.constants.js +17 -0
package/dist/esm/constants/config.constants.js.map +1 -1
package/dist/esm/handlers/click.handler.d.ts +2 -0
package/dist/esm/handlers/click.handler.d.ts.map +1 -1
package/dist/esm/handlers/click.handler.js +28 -6
package/dist/esm/handlers/click.handler.js.map +1 -1
package/dist/esm/utils/network/url.utils.d.ts +2 -1
package/dist/esm/utils/network/url.utils.d.ts.map +1 -1
package/dist/esm/utils/network/url.utils.js +6 -2
package/dist/esm/utils/network/url.utils.js.map +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -449,6 +449,52 @@ npm run test:unit                           # Unit tests
 npm run test:e2e                            # E2E tests
 ```
+## Security & Privacy
+TraceLog is designed with **privacy-first** principles. Key security guarantees:
+### ✅ What We Protect
+- **Input Value Protection**: NEVER captures values from `<input>`, `<textarea>`, or `<select>` elements
+- **PII Sanitization**: Automatically redacts emails, phone numbers, credit cards, and API keys from error messages and click text
+- **Default URL Filtering**: Removes sensitive query parameters (`token`, `auth`, `key`, `session`, `password`, `api_key`, `secret`, etc.)
+- **Client-Side Controls**: All validation, sampling, and deduplication happen in the browser
+- **XSS Protection**: All metadata is sanitized against common XSS patterns
+### 🛡️ Tools for You
+- **`data-tlog-ignore` Attribute**: Exclude sensitive UI elements from tracking
+  ```html
+  <!-- Payment form - completely ignored -->
+  <div data-tlog-ignore>
+    <input type="text" name="card_number">
+    <button>Pay Now</button>
+  </div>
+  ```
+- **Custom URL Parameters**: Extend default filtering with your own sensitive params
+  ```typescript
+  await tracelog.init({
+    sensitiveQueryParams: ['affiliate_id', 'promo_code'] // Merged with defaults
+  });
+  ```
+- **Conditional Sampling**: Adjust tracking based on user consent level
+  ```typescript
+  const samplingRate = userConsent === 'full' ? 1.0 : 0.1;
+  await tracelog.init({ samplingRate });
+  ```
+### 📋 Your Responsibilities
+- **GDPR Consent**: Initialize TraceLog ONLY after user consent, call `destroy()` on revoke
+- **Custom Event Data**: Sanitize PII before sending via `tracelog.event()`
+- **Sensitive Elements**: Mark admin/payment UI with `data-tlog-ignore`
+**📚 Read the full security guide:** [SECURITY.md](./SECURITY.md)
+---
 ## License
 MIT © TraceLog. See [LICENSE](LICENSE) file for details.