npm - logshield-cli - Versions diffs - 0.2.0 → 0.2.2 - Mend

logshield-cli 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -1,119 +1,101 @@
+---
 # LogShield
-**Safe log sanitization for developers.**
-LogShield is a lightweight, developer-focused utility to automatically redact secrets, tokens, credentials, and sensitive data from logs before they are stored, shared, or shipped.
-It is designed to be:
-- **Deterministic** – predictable behavior, no AI, no guesswork
-- **Safe by default** – minimal false positives in default mode
-- **Strict when needed** – aggressive redaction via `strict` mode
-- **Composable** – rule-based engine, easy to extend
+LogShield is a CLI tool to **redact sensitive data from logs** before sharing them with others, AI tools, or public channels.
+Designed to be safe by default, deterministic, and free of runtime dependencies.
 ---
-## Why LogShield?
+## Install
-Logs are copied everywhere: CI output, bug reports, Slack, tickets, LLM prompts.
+```bash
+npm install -g logshield-cli
+```
-One leaked key is enough to:
-- Compromise production systems
-- Invalidate compliance (GDPR, SOC2)
-- Burn trust instantly
+---
-LogShield exists to solve one problem extremely well:
+## Usage
-> **Make logs safe to share.**
+Scan a log file:
----
+```bash
+logshield scan app.log
+```
-## Features
-- Redacts common secrets:
-  - API keys
-  - Passwords
-  - JWT tokens
-  - Bearer tokens
-  - Stripe keys
-  - Cloud credentials (AWS, etc.)
-  - Credit cards (Luhn-validated)
-- Two modes:
-  - **Default**: conservative, low false positives
-  - **Strict**: aggressive, security-first
-- Snapshot-tested, contract-tested
-- Zero runtime dependencies
+Scan from stdin:
----
+```bash
+cat app.log | logshield scan
+```
-## Installation
+Strict mode (more aggressive):
 ```bash
-npm install logshield
+logshield scan app.log --strict
 ```
----
+JSON output:
-## Usage
-### Basic
+```bash
+logshield scan app.log --json
+```
-```ts
-import { sanitizeLog } from "logshield";
+Summary only (printed to stderr):
-const result = sanitizeLog("password=supersecret");
-console.log(result.output);
-// password=<REDACTED_PASSWORD>
+```bash
+logshield scan app.log --summary
 ```
-### Strict mode
+---
-```ts
-sanitizeLog(input, { strict: true });
-```
+## What Gets Redacted
+- API keys
+- Passwords
+- JWT tokens
+- `Bearer <TOKEN>` (always redacted)
+- Stripe keys
+- Cloud credentials (AWS, etc.)
+- Credit cards (Luhn-validated)
 ---
-## API
+## Modes
-### `sanitizeLog(input: string, options?)`
+### Default (recommended)
-Returns:
+- Conservative
+- Low false positives
+- Safe for sharing logs publicly
-```ts
-{
-  output: string;
-  matches: {
-    rule: string;
-    match: string;
-  }[];
-}
-```
+### Strict
-- `output` – sanitized log string
-- `matches` – what was redacted and why (for auditing/debugging)
+- Aggressive
+- Security-first
+- May redact more than necessary
 ---
-## Design Principles
+## Design Guarantees
-- **No heuristics** – explicit rules only
-- **No mutation magic** – transparent replacements
-- **Locked behavior** – breaking changes require intent
-This is a boring utility by design.
+- Deterministic output
+- Zero runtime dependencies
+- Snapshot-tested & contract-tested
+- No network calls
+- No telemetry
 ---
-## Roadmap
+## Example
-- CLI (`logshield scan file.log`)
-- GitHub Action
-- Pre-commit hook
-- Pro ruleset (enterprise patterns)
+```bash
+cat server.log | logshield scan --strict --summary
+```
 ---
 ## License
-MIT
+ISC
+---

package/dist/cli/index.cjs CHANGED Viewed

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
+#!/usr/bin/env node
 "use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
@@ -347,14 +347,26 @@ var init_sanitizeLog = __esm({
 });
 // src/cli/index.ts
+var import_fs = require("fs");
+var import_path = __toESM(require("path"));
 var { readInput: readInput2 } = (init_readInput(), __toCommonJS(readInput_exports));
 var { writeOutput: writeOutput2 } = (init_writeOutput(), __toCommonJS(writeOutput_exports));
 var { printSummary: printSummary2 } = (init_summary(), __toCommonJS(summary_exports));
 var { sanitizeLog: sanitizeLog2 } = (init_sanitizeLog(), __toCommonJS(sanitizeLog_exports));
+var __dirname = import_path.default.dirname(process.argv[1]);
 var args = process.argv.slice(2);
 function hasFlag(flag) {
   return args.includes(flag);
 }
+function getVersion() {
+  try {
+    const pkgPath = import_path.default.resolve(__dirname, "../../package.json");
+    const pkg = JSON.parse((0, import_fs.readFileSync)(pkgPath, "utf8"));
+    return pkg.version;
+  } catch {
+    return "unknown";
+  }
+}
 function getFileArg() {
   const file = args[1];
   if (!file || file.startsWith("--")) return void 0;
@@ -374,7 +386,7 @@ Options:
     process.exit(0);
   }
   if (hasFlag("--version")) {
-    process.stdout.write("logshield v0.2.0\n");
+    console.log(`logshield v${getVersion()}`);
     process.exit(0);
   }
   const command = args[0];
@@ -394,7 +406,7 @@ Options:
       printSummary2(result.matches);
     }
   } catch (err) {
-    process.stderr.write(err && err.message || "Unexpected error");
+    process.stderr.write(err?.message || "Unexpected error");
     process.stderr.write("\n");
     process.exit(2);
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "logshield-cli",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "type": "commonjs",
   "bin": {
     "logshield": "dist/cli/index.cjs"