@zapier/secret-scrubber 1.0.6 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +9 -3
  2. package/lib/convenience.js +8 -0
  3. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -1,8 +1,14 @@
1
+ ## 1.0.7
2
+
3
+ _released `2022-04-28`_
4
+
5
+ - add simple checks when checking if input is a url ([!7](https://gitlab.com/zapier/team-developer-platform/secret-scrubber-js/-/merge_requests/7))
6
+
1
7
  ## 1.0.6
2
8
 
3
9
  _released `2022-04-06`_
4
10
 
5
- - tweak `findSensitiveValues` to no longer return _any_ url with a querystring. It's always tried to extract secrets from a url, but now doesn't fall back to censoring the whole url.
11
+ - tweak `findSensitiveValues` to no longer return _any_ url with a querystring. It's always tried to extract secrets from a url, but now doesn't fall back to censoring the whole url ([!6](https://gitlab.com/zapier/team-developer-platform/secret-scrubber-js/-/merge_requests/6))
6
12
 
7
13
  Calling `findSensitiveValues` with a structure containing urls:
8
14
 
@@ -16,13 +22,13 @@ Calling `findSensitiveValues` with a structure containing urls:
16
22
 
17
23
  _released `2021-10-25`_
18
24
 
19
- - Reduce `scrub` memory usage
25
+ - Reduce `scrub` memory usage ([!5](https://gitlab.com/zapier/team-developer-platform/secret-scrubber-js/-/merge_requests/5))
20
26
 
21
27
  ## 1.0.4
22
28
 
23
29
  _released `2021-10-04`_
24
30
 
25
- - add `api-key` to sensitive substrings [!4](https://gitlab.com/zapier/team-developer-platform/secret-scrubber-js/-/merge_requests/4)
31
+ - add `api-key` to sensitive substrings ([!4](https://gitlab.com/zapier/team-developer-platform/secret-scrubber-js/-/merge_requests/4))
26
32
 
27
33
  ## 1.0.3
28
34
 
package/lib/convenience.js CHANGED
@@ -23,6 +23,14 @@ exports.SENSITIVE_SUBSTRINGS = [
23
23
  * * has potentially secret information, such as a password or querystring
24
24
  */
25
25
  const isUrlWithSecrets = (val) => {
26
+ // creating a URL object is a little expensive; perform a couple of quick checks first
27
+ if (typeof val !== 'string') {
28
+ return false;
29
+ }
30
+ // if this doesn't start with http(s), it's probably not a url we care about
31
+ if (!val.startsWith('http')) {
32
+ return false;
33
+ }
26
34
  let url;
27
35
  try {
28
36
  url = new url_1.URL(val);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@zapier/secret-scrubber",
3
- "version": "1.0.6",
3
+ "version": "1.0.7",
4
4
  "description": "Confidently remove secrets and sensitive values from unstructured objects.",
5
5
  "main": "lib/index.js",
6
6
  "typings": "lib/index.d.ts",