npm - ag-common - Versions diffs - 0.0.753 → 0.0.754 - Mend

ag-common 0.0.753 → 0.0.754

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/common/helpers/log.js +11 -1
package/dist/common/helpers/string/redact.js +39 -1
package/package.json +1 -1

package/dist/common/helpers/log.js CHANGED Viewed

@@ -36,7 +36,17 @@ function logprocess(type, args) {
     const log = [
         `[${datetime}]`,
         type,
-        ...args.filter(array_1.notEmpty).map((s) => (0, redact_1.redactObject)(s)),
+        ...args.filter(array_1.notEmpty).map((s) => {
+            // Handle Error instances specially to preserve their message
+            if (s instanceof Error) {
+                return (0, redact_1.redactObject)({
+                    message: s.message,
+                    name: s.name,
+                    stack: s.stack,
+                });
+            }
+            return (0, redact_1.redactObject)(s);
+        }),
     ];
     if (logShim) {
         logShim(...log);

package/dist/common/helpers/string/redact.js CHANGED Viewed

@@ -6,10 +6,48 @@ function redactString(str) {
     let ret = str;
     ret = ret || '';
     const repl = '$1<redacted>$2';
+    // OAuth and authentication tokens
     ret = ret.replace(/(\b)grant_type.+?(\b)/gm, repl);
     ret = ret.replace(/(\b)Bearer .+?(\b)/gm, repl);
-    //jwt (base64 with .s)
+    // JWT tokens (base64 with dots)
     ret = ret.replace(/(eyJ[\w-_.]*\.[\w-_.]*\.[\w-_.]*)/gim, '<redacted>');
+    // API Keys (various formats)
+    ret = ret.replace(/(\b)(sk_live_|sk_test_|pk_live_|pk_test_)[\w-]+/gi, '$1<redacted>'); // Stripe
+    ret = ret.replace(/(\b)(AKIA[0-9A-Z]{16})/gi, '$1<redacted>'); // AWS Access Key ID
+    ret = ret.replace(/(aws_secret_access_key["\s]*[:=]["\s]*)([0-9a-zA-Z/+]{40})/gi, '$1<redacted>'); // AWS Secret Access Key pattern
+    ret = ret.replace(/(\b)(AIza[0-9A-Za-z\\-_]{35})/gi, '$1<redacted>'); // Google API Key
+    ret = ret.replace(/(\b)(ya29\.[0-9A-Za-z\\-_]+)/gi, '$1<redacted>'); // Google OAuth Access Token
+    ret = ret.replace(/(\b)(glpat-[a-zA-Z0-9\\-_]{20})/gi, '$1<redacted>'); // GitLab Personal Access Token
+    ret = ret.replace(/(\b)(ghp_[a-zA-Z0-9]{36})/gi, '$1<redacted>'); // GitHub Personal Access Token
+    ret = ret.replace(/(\b)(github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59})/gi, '$1<redacted>'); // GitHub Fine-grained PAT
+    // Password patterns in key-value pairs
+    ret = ret.replace(/(password["\s]*[:=]["\s]*)([^",\s}]+)/gi, '$1<redacted>');
+    ret = ret.replace(/(passwd["\s]*[:=]["\s]*)([^",\s}]+)/gi, '$1<redacted>');
+    ret = ret.replace(/(pwd["\s]*[:=]["\s]*)([^",\s}]+)/gi, '$1<redacted>');
+    ret = ret.replace(/(secret["\s]*[:=]["\s]*)([^",\s}]+)/gi, '$1<redacted>');
+    ret = ret.replace(/(token["\s]*[:=]["\s]*)([^",\s}]+)/gi, '$1<redacted>');
+    ret = ret.replace(/(^|[^a-zA-Z])(api_?key|private_?key|secret_?key)["\s]*[:=]["\s]*([^",\s}]+)/gi, '$1$2<redacted>');
+    ret = ret.replace(/(auth["\s]*[:=]["\s]*)([^",\s}]+)/gi, '$1<redacted>');
+    // Database connection strings
+    ret = ret.replace(/(mongodb:\/\/[^:]+:)([^@]+)(@)/gi, '$1<redacted>$3');
+    ret = ret.replace(/(mysql:\/\/[^:]+:)([^@]+)(@)/gi, '$1<redacted>$3');
+    ret = ret.replace(/(postgresql:\/\/[^:]+:)([^@]+)(@)/gi, '$1<redacted>$3');
+    ret = ret.replace(/(redis:\/\/[^:]+:)([^@]+)(@)/gi, '$1<redacted>$3');
+    // Credit card numbers (basic pattern)
+    ret = ret.replace(/(\b)([3-6]\d{3}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{3,4})(\b)/g, '$1<redacted>$3');
+    // Social Security Numbers (US format)
+    ret = ret.replace(/(\b)(\d{3}[-\s]?\d{2}[-\s]?\d{4})(\b)/g, '$1<redacted>$3');
+    // Private keys
+    ret = ret.replace(/(-----BEGIN [A-Z\s]+PRIVATE KEY-----)([\s\S]*?)(-----END [A-Z\s]+PRIVATE KEY-----)/gi, '$1\n<redacted>\n$3');
+    // Session IDs and UUIDs in headers/cookies
+    ret = ret.replace(/(sessionid["\s]*[:=]["\s]*)([a-zA-Z0-9]{32,})/gi, '$1<redacted>');
+    ret = ret.replace(/(session["\s]*[:=]["\s]*)([a-zA-Z0-9]{32,})/gi, '$1<redacted>');
+    ret = ret.replace(/(csrftoken["\s]*[:=]["\s]*)([a-zA-Z0-9]{32,})/gi, '$1<redacted>');
+    // Common environment variable patterns
+    ret = ret.replace(/(DATABASE_URL["\s]*[:=]["\s]*)([^",\s}]+)/gi, '$1<redacted>');
+    ret = ret.replace(/(REDIS_URL["\s]*[:=]["\s]*)([^",\s}]+)/gi, '$1<redacted>');
+    ret = ret.replace(/(SMTP_PASSWORD["\s]*[:=]["\s]*)([^",\s}]+)/gi, '$1<redacted>');
+    ret = ret.replace(/(ENCRYPTION_KEY["\s]*[:=]["\s]*)([^",\s}]+)/gi, '$1<redacted>');
     return ret;
 }
 function redactObject(ob) {

package/package.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "version": "0.0.753",
+  "version": "0.0.754",
   "name": "ag-common",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",