llm-mask 0.3.0

package/dist/patterns.js

@@ -0,0 +1,184 @@
+/**
+ * Built-in masking patterns
+ * These are organized by priority (higher = applied first)
+ */
+/**
+ * Built-in patterns for detecting sensitive data
+ *
+ * Priority order:
+ * 1. API keys and secrets (most specific, most sensitive)
+ * 2. Auth tokens and session IDs
+ * 3. PII (emails, phones, SSNs, credit cards)
+ * 4. Network identifiers (IPs, domains, URLs)
+ * 5. Internal identifiers (UUIDs, potentially-sensitive numbers)
+ */
+export const BUILTIN_PATTERNS = [
+    // ===== Priority 100: API Keys and Secrets =====
+    {
+        name: 'anthropic_api_key',
+        regex: /\b(sk-ant-[a-zA-Z0-9\-_]{20,})\b/g,
+        placeholder: (i) => `[ANTHROPIC_KEY_${i}]`,
+        priority: 100
+    },
+    {
+        name: 'openai_api_key',
+        regex: /\b(sk(-proj)?-[a-zA-Z0-9]{10,})\b/g,
+        placeholder: (i) => `[OPENAI_KEY_${i}]`,
+        priority: 100
+    },
+    {
+        name: 'stripe_live_key',
+        regex: /\b(sk_live_[a-zA-Z0-9]{24,})\b/g,
+        placeholder: (i) => `[STRIPE_LIVE_KEY_${i}]`,
+        priority: 100
+    },
+    {
+        name: 'stripe_test_key',
+        regex: /\b(sk_test_[a-zA-Z0-9]{24,})\b/g,
+        placeholder: (i) => `[STRIPE_TEST_KEY_${i}]`,
+        priority: 100
+    },
+    {
+        name: 'aws_access_key',
+        regex: /\b(AKIA[0-9A-Z]{16})\b/g,
+        placeholder: (i) => `[AWS_ACCESS_KEY_${i}]`,
+        priority: 100
+    },
+    {
+        name: 'github_token',
+        regex: /\b(ghp_|gho_|ghu_|ghs_|ghr_)[a-zA-Z0-9]{36,}\b/g,
+        placeholder: (i) => `[GITHUB_TOKEN_${i}]`,
+        priority: 100
+    },
+    {
+        name: 'jwt_token',
+        regex: /\b(eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+)\b/g,
+        placeholder: (i) => `[JWT_${i}]`,
+        priority: 100
+    },
+    // Generic API key patterns (must come after specific ones)
+    {
+        name: 'api_key_equals',
+        regex: /(['"]?(api_key|apikey|api-key|x-api-key|authorization|bearer|token)['"]?\s*[:=]\s*['"]?)([a-zA-Z0-9\-_\.]{16,})(['"]?)/gi,
+        placeholder: (i) => `$1[API_KEY_${i}]$4`,
+        priority: 95
+    },
+    {
+        name: 'aws_secret',
+        regex: /(['"]?(aws_secret_access_key|secret_access_key|secret_key)['"]?\s*[:=]\s*['"]?)([a-zA-Z0-9/+=]{16,})(['"]?)/gi,
+        placeholder: (i) => `$1[AWS_SECRET_${i}]$4`,
+        priority: 95
+    },
+    {
+        name: 'session_token',
+        regex: /(['"]?(session|session_id|sessionid|sess)['"]?\s*[:=]\s*['"]?)([a-zA-Z0-9\-_]{16,})(['"]?)/gi,
+        placeholder: (i) => `$1[SESSION_${i}]$4`,
+        priority: 90
+    },
+    // ===== Priority 80: PII =====
+    {
+        name: 'email',
+        regex: /\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\b/g,
+        placeholder: (i) => `[EMAIL_${i}]`,
+        priority: 80
+    },
+    {
+        name: 'ssn',
+        regex: /\b\d{3}[-.\s]?\d{2}[-.\s]?\d{4}\b/g,
+        placeholder: (i) => `[SSN_${i}]`,
+        priority: 80
+    },
+    {
+        name: 'credit_card',
+        regex: /\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/g,
+        placeholder: (i) => `[CARD_${i}]`,
+        priority: 80
+    },
+    {
+        name: 'phone_us',
+        regex: /\b(\+?1[-.\s]?)?\(?[0-9]{3}\)?[-.\s]?[0-9]{3}[-.\s]?[0-9]{4}\b/g,
+        placeholder: (i) => `[PHONE_${i}]`,
+        priority: 80
+    },
+    // ===== Priority 60: URLs =====
+    {
+        name: 'url_with_creds',
+        regex: /\b([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)([^:/\s]+):([^\s@/]+)@/g,
+        placeholder: (i) => `$1[CREDENTIALS_${i}]@`,
+        priority: 60
+    },
+    {
+        name: 'url_internal',
+        regex: /\bhttps?:\/\/(?:[a-zA-Z0-9-]+\.)?(?:internal|private|localhost|127\.0\.0\.1|10\.|192\.168\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[01]\.)[^\s]*\b/gi,
+        placeholder: (i) => `[INTERNAL_URL_${i}]`,
+        priority: 55
+    },
+    // ===== Priority 40: Network =====
+    {
+        name: 'ip_address',
+        regex: /\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/g,
+        placeholder: (i) => `[IP_${i}]`,
+        priority: 40
+    },
+    {
+        name: 'ipv6',
+        regex: /\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b/g,
+        placeholder: (i) => `[IPV6_${i}]`,
+        priority: 40
+    },
+    // ===== Priority 30: Identifiers =====
+    {
+        name: 'uuid',
+        regex: /\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b/g,
+        placeholder: (i) => `[UUID_${i}]`,
+        priority: 30
+    },
+    {
+        name: 'hash_sha256',
+        regex: /\b[a-f0-9]{64}\b/g,
+        placeholder: (i) => `[SHA256_${i}]`,
+        priority: 25
+    },
+    {
+        name: 'hash_md5',
+        regex: /\b[a-f0-9]{32}\b/g,
+        placeholder: (i) => `[MD5_${i}]`,
+        priority: 25
+    },
+    // ===== Priority 20: File Paths =====
+    {
+        name: 'file_path_unix',
+        regex: /\/(?:home|Users|var|etc|opt|usr|root|tmp)\/[^\s<>"{}|\\^`\[\]]*/g,
+        placeholder: (i) => `[PATH_${i}]`,
+        priority: 20
+    },
+    {
+        name: 'file_path_windows',
+        regex: /(?:[A-Z]:\\(?:Users|Program Files|Windows|ProgramData|temp)[^\s<>"{}|\\^`\[\]]*)|(?:\\\\[^\s<>"{}|\\^`\[\]]+)/g,
+        placeholder: (i) => `[PATH_${i}]`,
+        priority: 20
+    }
+];
+/**
+ * Get patterns by mask level
+ */
+export function getPatternsByLevel(level) {
+    const priority = (p) => p.priority ?? 50;
+    switch (level) {
+        case 'basic':
+            return BUILTIN_PATTERNS.filter(p => priority(p) >= 90);
+        case 'standard':
+            return BUILTIN_PATTERNS.filter(p => priority(p) >= 40);
+        case 'aggressive':
+            return BUILTIN_PATTERNS;
+        default:
+            return BUILTIN_PATTERNS.filter(p => priority(p) >= 40);
+    }
+}
+/**
+ * Get pattern by name
+ */
+export function getPatternByName(name) {
+    return BUILTIN_PATTERNS.find(p => p.name === name);
+}
+//# sourceMappingURL=patterns.js.map

package/dist/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../src/patterns.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAkB;IAC7C,iDAAiD;IACjD;QACE,IAAI,EAAE,mBAAmB;QACzB,KAAK,EAAE,mCAAmC;QAC1C,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,GAAG;QAC1C,QAAQ,EAAE,GAAG;KACd;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,GAAG;QACvC,QAAQ,EAAE,GAAG;KACd;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,iCAAiC;QACxC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,GAAG;QAC5C,QAAQ,EAAE,GAAG;KACd;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,iCAAiC;QACxC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,GAAG;QAC5C,QAAQ,EAAE,GAAG;KACd;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,yBAAyB;QAChC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG;QAC3C,QAAQ,EAAE,GAAG;KACd;IACD;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,iDAAiD;QACxD,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG;QACzC,QAAQ,EAAE,GAAG;KACd;IACD;QACE,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,0DAA0D;QACjE,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG;QAChC,QAAQ,EAAE,GAAG;KACd;IACD,2DAA2D;IAC3D;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,0HAA0H;QACjI,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,KAAK;QACxC,QAAQ,EAAE,EAAE;KACb;IACD;QACE,IAAI,EAAE,YAAY;QAClB,KAAK,EAAE,+GAA+G;QACtH,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,KAAK;QAC3C,QAAQ,EAAE,EAAE;KACb;IACD;QACE,IAAI,EAAE,eAAe;QACrB,KAAK,EAAE,8FAA8F;QACrG,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,KAAK;QACxC,QAAQ,EAAE,EAAE;KACb;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,qDAAqD;QAC5D,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG;QAClC,QAAQ,EAAE,EAAE;KACb;IACD;QACE,IAAI,EAAE,KAAK;QACX,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG;QAChC,QAAQ,EAAE,EAAE;KACb;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,6CAA6C;QACpD,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG;QACjC,QAAQ,EAAE,EAAE;KACb;IACD;QACE,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iEAAiE;QACxE,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG;QAClC,QAAQ,EAAE,EAAE;KACb;IAED,gCAAgC;IAChC;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,yDAAyD;QAChE,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI;QAC3C,QAAQ,EAAE,EAAE;KACb;IACD;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,iJAAiJ;QACxJ,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG;QACzC,QAAQ,EAAE,EAAE;KACb;IAED,mCAAmC;IACnC;QACE,IAAI,EAAE,YAAY;QAClB,KAAK,EAAE,gGAAgG;QACvG,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG;QAC/B,QAAQ,EAAE,EAAE;KACb;IACD;QACE,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,+CAA+C;QACtD,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG;QACjC,QAAQ,EAAE,EAAE;KACb;IAED,uCAAuC;IACvC;QACE,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,kFAAkF;QACzF,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG;QACjC,QAAQ,EAAE,EAAE;KACb;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,mBAAmB;QAC1B,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG;QACnC,QAAQ,EAAE,EAAE;KACb;IACD;QACE,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,mBAAmB;QAC1B,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG;QAChC,QAAQ,EAAE,EAAE;KACb;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,gBAAgB;QACtB,KAAK,EAAE,kEAAkE;QACzE,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG;QACjC,QAAQ,EAAE,EAAE;KACb;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,KAAK,EAAE,gHAAgH;QACvH,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG;QACjC,QAAQ,EAAE,EAAE;KACb;CACF,CAAA;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,MAAM,QAAQ,GAAG,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAA;IACrD,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,OAAO;YACV,OAAO,gBAAgB,CAAC,MAAM,CAC5B,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CACvB,CAAA;QACH,KAAK,UAAU;YACb,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAA;QACxD,KAAK,YAAY;YACf,OAAO,gBAAgB,CAAA;QACzB;YACE,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAA;IAC1D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAA;AACpD,CAAC"}

package/dist/scanner.d.ts

@@ -0,0 +1,75 @@
+/**
+ * Scanner - scan codebases for sensitive data
+ *
+ * Recursively scans directories, finds files, checks for patterns
+ */
+export interface ScanResult {
+    file: string;
+    line: number;
+    pattern: string;
+    placeholder: string;
+    lineContent: string;
+}
+export interface ScanReport {
+    scans: {
+        totalFiles: number;
+        scannedFiles: number;
+        skippedFiles: number;
+    };
+    findings: ScanResult[];
+    summary: {
+        byPattern: Record<string, number>;
+        byFile: Record<string, number>;
+        total: number;
+    };
+}
+export interface ScanOptions {
+    /** File extensions to scan (empty = all) */
+    extensions?: string[];
+    /** Patterns to exclude (regex) */
+    excludePatterns?: RegExp[];
+    /** Directories to skip */
+    skipDirs?: string[];
+    /** Max file size in bytes */
+    maxSize?: number;
+    /** Fail on detection (for CI/CD) */
+    failOnDetect?: boolean;
+    /** Masking level */
+    level?: 'basic' | 'standard' | 'aggressive';
+}
+/**
+ * Scanner - find secrets in codebases
+ */
+export declare class Scanner {
+    private masker;
+    private options;
+    constructor(options?: ScanOptions);
+    /**
+     * Scan a directory recursively
+     */
+    scan(dir: string): Promise<ScanReport>;
+    /**
+     * Scan a single file
+     */
+    scanFile(filePath: string): ScanResult[];
+    /**
+     * Format report as text
+     */
+    formatReport(report: ScanReport, baseDir: string): string;
+    /**
+     * Get severity icon for pattern
+     */
+    private getSeverityIcon;
+}
+/**
+ * Error thrown when sensitive patterns are detected
+ */
+export declare class ScanError extends Error {
+    report: ScanReport;
+    constructor(message: string, report: ScanReport);
+}
+/**
+ * Convenience function to scan a directory
+ */
+export declare function scanDirectory(dir: string, options?: ScanOptions): Promise<ScanReport>;
+//# sourceMappingURL=scanner.d.ts.map

package/dist/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../src/scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAOH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE;QACL,UAAU,EAAE,MAAM,CAAA;QAClB,YAAY,EAAE,MAAM,CAAA;QACpB,YAAY,EAAE,MAAM,CAAA;KACrB,CAAA;IACD,QAAQ,EAAE,UAAU,EAAE,CAAA;IACtB,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QACjC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QAC9B,KAAK,EAAE,MAAM,CAAA;KACd,CAAA;CACF;AAED,MAAM,WAAW,WAAW;IAC1B,4CAA4C;IAC5C,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;IACrB,kCAAkC;IAClC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAA;IAC1B,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;IACnB,6BAA6B;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,oCAAoC;IACpC,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB,oBAAoB;IACpB,KAAK,CAAC,EAAE,OAAO,GAAG,UAAU,GAAG,YAAY,CAAA;CAC5C;AA4BD;;GAEG;AACH,qBAAa,OAAO;IAClB,OAAO,CAAC,MAAM,CAAY;IAC1B,OAAO,CAAC,OAAO,CAAuB;gBAE1B,OAAO,GAAE,WAAgB;IAYrC;;OAEG;IACG,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAmG5C;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,EAAE;IAkCxC;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM;IAiDzD;;OAEG;IACH,OAAO,CAAC,eAAe;CAkBxB;AAED;;GAEG;AACH,qBAAa,SAAU,SAAQ,KAAK;IAC3B,MAAM,EAAE,UAAU,CAAA;gBAEb,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU;CAKhD;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,WAAW,GACpB,OAAO,CAAC,UAAU,CAAC,CAGrB"}

package/dist/scanner.js

@@ -0,0 +1,247 @@
+/**
+ * Scanner - scan codebases for sensitive data
+ *
+ * Recursively scans directories, finds files, checks for patterns
+ */
+import { readFileSync, readdirSync, statSync } from 'fs';
+import { join, extname, relative, resolve } from 'path';
+import { DataMasker } from './masker.js';
+const DEFAULT_SKIP_DIRS = [
+    'node_modules',
+    '.git',
+    'dist',
+    'build',
+    'target',
+    'vendor',
+    '.venv',
+    'venv',
+    '__pycache__',
+    '.next',
+    '.nuxt',
+    'coverage'
+];
+const TEXT_EXTENSIONS = [
+    '.js', '.ts', '.jsx', '.tsx', '.mjs', '.cjs',
+    '.py', '.rb', '.go', '.rs', '.java', '.kt', '.swift',
+    '.sh', '.bash', '.zsh', '.fish',
+    '.env', '.config', '.conf', '.ini', '.yaml', '.yml', '.json', '.toml',
+    '.md', '.txt', '.csv', '.log',
+    '.sql', '.graphql', '.gql',
+    '.html', '.css', '.scss', '.less',
+    '.xml', '.dto'
+];
+/**
+ * Scanner - find secrets in codebases
+ */
+export class Scanner {
+    masker;
+    options;
+    constructor(options = {}) {
+        this.masker = new DataMasker();
+        this.options = {
+            extensions: options.extensions || TEXT_EXTENSIONS,
+            excludePatterns: options.excludePatterns || [],
+            skipDirs: [...DEFAULT_SKIP_DIRS, ...(options.skipDirs || [])],
+            maxSize: options.maxSize || 1024 * 1024, // 1MB default
+            failOnDetect: options.failOnDetect || false,
+            level: options.level || 'standard'
+        };
+    }
+    /**
+     * Scan a directory recursively
+     */
+    async scan(dir) {
+        const findings = [];
+        let totalFiles = 0;
+        let scannedFiles = 0;
+        let skippedFiles = 0;
+        const walkDir = (currentDir) => {
+            try {
+                const entries = readdirSync(currentDir);
+                for (const entry of entries) {
+                    const fullPath = join(currentDir, entry);
+                    const stat = statSync(fullPath);
+                    // Skip directories in skip list
+                    if (stat.isDirectory()) {
+                        if (this.options.skipDirs.includes(entry)) {
+                            continue;
+                        }
+                        walkDir(fullPath);
+                        continue;
+                    }
+                    // Only scan files
+                    if (!stat.isFile()) {
+                        continue;
+                    }
+                    totalFiles++;
+                    // Check file extension
+                    const ext = extname(entry);
+                    if (this.options.extensions.length > 0 &&
+                        !this.options.extensions.includes(ext)) {
+                        skippedFiles++;
+                        continue;
+                    }
+                    // Check file size
+                    if (stat.size > this.options.maxSize) {
+                        skippedFiles++;
+                        continue;
+                    }
+                    // Check exclude patterns
+                    const relPath = relative(dir, fullPath);
+                    if (this.options.excludePatterns.some(pattern => pattern.test(relPath))) {
+                        skippedFiles++;
+                        continue;
+                    }
+                    // Scan the file
+                    const fileFindings = this.scanFile(fullPath);
+                    findings.push(...fileFindings);
+                    scannedFiles++;
+                }
+            }
+            catch (error) {
+                // Skip files we can't read (permissions, etc.)
+                skippedFiles++;
+            }
+        };
+        walkDir(resolve(dir));
+        // Generate summary
+        const byPattern = {};
+        const byFile = {};
+        for (const finding of findings) {
+            byPattern[finding.pattern] = (byPattern[finding.pattern] || 0) + 1;
+            const relPath = relative(dir, finding.file);
+            byFile[relPath] = (byFile[relPath] || 0) + 1;
+        }
+        const report = {
+            scans: {
+                totalFiles,
+                scannedFiles,
+                skippedFiles
+            },
+            findings,
+            summary: {
+                byPattern,
+                byFile,
+                total: findings.length
+            }
+        };
+        // Fail if requested and findings exist
+        if (this.options.failOnDetect && findings.length > 0) {
+            throw new ScanError(`Found ${findings.length} sensitive pattern(s) in codebase`, report);
+        }
+        return report;
+    }
+    /**
+     * Scan a single file
+     */
+    scanFile(filePath) {
+        const findings = [];
+        try {
+            const content = readFileSync(filePath, 'utf-8');
+            const lines = content.split('\n');
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                const result = this.masker.mask(line, { level: this.options.level });
+                // Check if anything was masked
+                if (result.stats.total > 0) {
+                    // Find which patterns matched
+                    for (const [pattern, count] of Object.entries(result.stats.byPattern)) {
+                        for (let j = 0; j < count; j++) {
+                            findings.push({
+                                file: filePath,
+                                line: i + 1,
+                                pattern,
+                                placeholder: `[${pattern.toUpperCase()}_${j + 1}]`,
+                                lineContent: line.trim()
+                            });
+                        }
+                    }
+                }
+            }
+        }
+        catch (error) {
+            // Skip files that can't be read as text
+        }
+        return findings;
+    }
+    /**
+     * Format report as text
+     */
+    formatReport(report, baseDir) {
+        const lines = [];
+        lines.push('🔍 llm-mask Scan Report');
+        lines.push('');
+        lines.push(`Scanned: ${report.scans.scannedFiles} files`);
+        lines.push(`Skipped: ${report.scans.skippedFiles} files`);
+        lines.push(`Findings: ${report.summary.total} sensitive pattern(s)`);
+        lines.push('');
+        if (report.findings.length === 0) {
+            lines.push('✅ No sensitive patterns detected!');
+            return lines.join('\n');
+        }
+        lines.push('⚠️  Findings:');
+        lines.push('');
+        // Group by file
+        const byFile = {};
+        for (const finding of report.findings) {
+            const relPath = relative(baseDir, finding.file);
+            if (!byFile[relPath]) {
+                byFile[relPath] = [];
+            }
+            byFile[relPath].push(finding);
+        }
+        for (const [file, fileFindings] of Object.entries(byFile)) {
+            lines.push(`${file}:`);
+            for (const finding of fileFindings) {
+                const icon = this.getSeverityIcon(finding.pattern);
+                lines.push(`  ${icon} Line ${finding.line}: ${finding.pattern}`);
+                lines.push(`    ${finding.lineContent.substring(0, 80)}${finding.lineContent.length > 80 ? '...' : ''}`);
+            }
+            lines.push('');
+        }
+        // Summary by pattern
+        lines.push('Summary by pattern:');
+        for (const [pattern, count] of Object.entries(report.summary.byPattern)) {
+            lines.push(`  ${pattern}: ${count}`);
+        }
+        return lines.join('\n');
+    }
+    /**
+     * Get severity icon for pattern
+     */
+    getSeverityIcon(pattern) {
+        const critical = [
+            'openai_api_key', 'anthropic_api_key', 'stripe_live_key',
+            'aws_access_key', 'aws_secret', 'github_token'
+        ];
+        const warning = [
+            'email', 'ip_address', 'uuid', 'jwt_token', 'api_key_equals'
+        ];
+        if (critical.some(p => pattern.includes(p))) {
+            return '❌';
+        }
+        if (warning.some(p => pattern.includes(p))) {
+            return '⚠️ ';
+        }
+        return '🔒';
+    }
+}
+/**
+ * Error thrown when sensitive patterns are detected
+ */
+export class ScanError extends Error {
+    report;
+    constructor(message, report) {
+        super(message);
+        this.name = 'ScanError';
+        this.report = report;
+    }
+}
+/**
+ * Convenience function to scan a directory
+ */
+export async function scanDirectory(dir, options) {
+    const scanner = new Scanner(options);
+    return scanner.scan(dir);
+}
+//# sourceMappingURL=scanner.js.map

package/dist/scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../src/scanner.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAc,MAAM,IAAI,CAAA;AACpE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAwCxC,MAAM,iBAAiB,GAAG;IACxB,cAAc;IACd,MAAM;IACN,MAAM;IACN,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,MAAM;IACN,aAAa;IACb,OAAO;IACP,OAAO;IACP,UAAU;CACX,CAAA;AAED,MAAM,eAAe,GAAG;IACtB,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAC5C,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ;IACpD,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO;IAC/B,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO;IACrE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAC7B,MAAM,EAAE,UAAU,EAAE,MAAM;IAC1B,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO;IACjC,MAAM,EAAE,MAAM;CACf,CAAA;AAED;;GAEG;AACH,MAAM,OAAO,OAAO;IACV,MAAM,CAAY;IAClB,OAAO,CAAuB;IAEtC,YAAY,UAAuB,EAAE;QACnC,IAAI,CAAC,MAAM,GAAG,IAAI,UAAU,EAAE,CAAA;QAC9B,IAAI,CAAC,OAAO,GAAG;YACb,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,eAAe;YACjD,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI,EAAE;YAC9C,QAAQ,EAAE,CAAC,GAAG,iBAAiB,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;YAC7D,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,IAAI,GAAG,IAAI,EAAE,cAAc;YACvD,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,KAAK;YAC3C,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,UAAU;SACnC,CAAA;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,GAAW;QACpB,MAAM,QAAQ,GAAiB,EAAE,CAAA;QACjC,IAAI,UAAU,GAAG,CAAC,CAAA;QAClB,IAAI,YAAY,GAAG,CAAC,CAAA;QACpB,IAAI,YAAY,GAAG,CAAC,CAAA;QAEpB,MAAM,OAAO,GAAG,CAAC,UAAkB,EAAE,EAAE;YACrC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,CAAA;gBAEvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;oBAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAA;oBACxC,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAA;oBAE/B,gCAAgC;oBAChC,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;wBACvB,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;4BAC1C,SAAQ;wBACV,CAAC;wBACD,OAAO,CAAC,QAAQ,CAAC,CAAA;wBACjB,SAAQ;oBACV,CAAC;oBAED,kBAAkB;oBAClB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;wBACnB,SAAQ;oBACV,CAAC;oBAED,UAAU,EAAE,CAAA;oBAEZ,uBAAuB;oBACvB,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAA;oBAC1B,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;wBAClC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC3C,YAAY,EAAE,CAAA;wBACd,SAAQ;oBACV,CAAC;oBAED,kBAAkB;oBAClB,IAAI,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;wBACrC,YAAY,EAAE,CAAA;wBACd,SAAQ;oBACV,CAAC;oBAED,yBAAyB;oBACzB,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;oBACvC,IAAI,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;wBACxE,YAAY,EAAE,CAAA;wBACd,SAAQ;oBACV,CAAC;oBAED,gBAAgB;oBAChB,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;oBAC5C,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;oBAC9B,YAAY,EAAE,CAAA;gBAChB,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,+CAA+C;gBAC/C,YAAY,EAAE,CAAA;YAChB,CAAC;QACH,CAAC,CAAA;QAED,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAA;QAErB,mBAAmB;QACnB,MAAM,SAAS,GAA2B,EAAE,CAAA;QAC5C,MAAM,MAAM,GAA2B,EAAE,CAAA;QAEzC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;YAClE,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,CAAA;YAC3C,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;QAC9C,CAAC;QAED,MAAM,MAAM,GAAe;YACzB,KAAK,EAAE;gBACL,UAAU;gBACV,YAAY;gBACZ,YAAY;aACb;YACD,QAAQ;YACR,OAAO,EAAE;gBACP,SAAS;gBACT,MAAM;gBACN,KAAK,EAAE,QAAQ,CAAC,MAAM;aACvB;SACF,CAAA;QAED,uCAAuC;QACvC,IAAI,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,SAAS,CACjB,SAAS,QAAQ,CAAC,MAAM,mCAAmC,EAC3D,MAAM,CACP,CAAA;QACH,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,QAAgB;QACvB,MAAM,QAAQ,GAAiB,EAAE,CAAA;QAEjC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;YAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YAEjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;gBACrB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAA;gBAEpE,+BAA+B;gBAC/B,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;oBAC3B,8BAA8B;oBAC9B,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;wBACtE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;4BAC/B,QAAQ,CAAC,IAAI,CAAC;gCACZ,IAAI,EAAE,QAAQ;gCACd,IAAI,EAAE,CAAC,GAAG,CAAC;gCACX,OAAO;gCACP,WAAW,EAAE,IAAI,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG;gCAClD,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;6BACzB,CAAC,CAAA;wBACJ,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,wCAAwC;QAC1C,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,MAAkB,EAAE,OAAe;QAC9C,MAAM,KAAK,GAAa,EAAE,CAAA;QAE1B,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAA;QACrC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACd,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,KAAK,CAAC,YAAY,QAAQ,CAAC,CAAA;QACzD,KAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,KAAK,CAAC,YAAY,QAAQ,CAAC,CAAA;QACzD,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,OAAO,CAAC,KAAK,uBAAuB,CAAC,CAAA;QACpE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAEd,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAA;YAC/C,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACzB,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAEd,gBAAgB;QAChB,MAAM,MAAM,GAAiC,EAAE,CAAA;QAC/C,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,CAAA;YAC/C,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBACrB,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,CAAA;YACtB,CAAC;YACD,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC/B,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1D,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,CAAA;YAEtB,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;gBACnC,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;gBAClD,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,SAAS,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;gBAChE,KAAK,CAAC,IAAI,CAAC,OAAO,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;YAC1G,CAAC;YAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAChB,CAAC;QAED,qBAAqB;QACrB,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAA;QACjC,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YACxE,KAAK,CAAC,IAAI,CAAC,KAAK,OAAO,KAAK,KAAK,EAAE,CAAC,CAAA;QACtC,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACzB,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,OAAe;QACrC,MAAM,QAAQ,GAAG;YACf,gBAAgB,EAAE,mBAAmB,EAAE,iBAAiB;YACxD,gBAAgB,EAAE,YAAY,EAAE,cAAc;SAC/C,CAAA;QAED,MAAM,OAAO,GAAG;YACd,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,gBAAgB;SAC7D,CAAA;QAED,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5C,OAAO,GAAG,CAAA;QACZ,CAAC;QACD,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,SAAU,SAAQ,KAAK;IAC3B,MAAM,CAAY;IAEzB,YAAY,OAAe,EAAE,MAAkB;QAC7C,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,WAAW,CAAA;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,GAAW,EACX,OAAqB;IAErB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;IACpC,OAAO,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AAC1B,CAAC"}

package/dist/test-utils.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Test utilities - compatibility layer for bun test
+ */
+export { describe, it, expect, test } from 'bun:test';
+//# sourceMappingURL=test-utils.d.ts.map

package/dist/test-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-utils.d.ts","sourceRoot":"","sources":["../src/test-utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,UAAU,CAAA"}

package/dist/test-utils.js

@@ -0,0 +1,6 @@
+/**
+ * Test utilities - compatibility layer for bun test
+ */
+// Use built-in test from bun (available globally in test environment)
+export { describe, it, expect, test } from 'bun:test';
+//# sourceMappingURL=test-utils.js.map

package/dist/test-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-utils.js","sourceRoot":"","sources":["../src/test-utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,sEAAsE;AACtE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,UAAU,CAAA"}

package/dist/tokenizer.d.ts

@@ -0,0 +1,62 @@
+/**
+ * Reversible tokenization with deterministic encryption
+ *
+ * Uses HMAC-based deterministic encryption to ensure:
+ * - Same input always produces same token (consistency)
+ * - Token cannot be reversed without the salt
+ * - Works across different processes/machines with same salt
+ */
+export interface TokenizerConfig {
+    /** Salt for HMAC (generate one and store it securely) */
+    salt: string;
+    /** Token prefix */
+    prefix?: string;
+}
+/**
+ * Tokenizer - reversible masking with deterministic encryption
+ */
+export declare class Tokenizer {
+    private salt;
+    private prefix;
+    constructor(config: TokenizerConfig);
+    /**
+     * Tokenize a value
+     *
+     * @param value - The sensitive value to tokenize
+     * @param context - Optional context for namespacing (e.g., "email", "api_key")
+     * @returns Token that can be safely shared
+     */
+    tokenize(value: string, context?: string): string;
+    /**
+     * Check if a value is a token from this tokenizer
+     */
+    isToken(value: string): boolean;
+    /**
+     * Extract context from token if present
+     */
+    getTokenContext(token: string): string | null;
+    /**
+     * Verify a token matches an original value
+     *
+     * Useful for validation without storing mappings
+     */
+    verify(token: string, original: string): boolean;
+}
+/**
+ * Generate a random salt for tokenizer
+ *
+ * Save this securely - you'll need it to detokenize
+ */
+export declare function generateSalt(): string;
+/**
+ * Default tokenizer instance (uses a default salt - NOT SECURE for production)
+ *
+ * For production, create your own instance with a secure salt
+ */
+export declare const defaultTokenizer: Tokenizer;
+/**
+ * Convenience functions
+ */
+export declare function tokenize(value: string, context?: string): string;
+export declare function isToken(value: string): boolean;
+//# sourceMappingURL=tokenizer.d.ts.map

package/dist/tokenizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenizer.d.ts","sourceRoot":"","sources":["../src/tokenizer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,MAAM,WAAW,eAAe;IAC9B,yDAAyD;IACzD,IAAI,EAAE,MAAM,CAAA;IACZ,mBAAmB;IACnB,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,IAAI,CAAQ;IACpB,OAAO,CAAC,MAAM,CAAQ;gBAEV,MAAM,EAAE,eAAe;IAKnC;;;;;;OAMG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM;IAiBjD;;OAEG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAI/B;;OAEG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAa7C;;;;OAIG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO;CAKjD;AAED;;;;GAIG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,WAG3B,CAAA;AAEF;;GAEG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CAEhE;AAED,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAE9C"}