restore-redact 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +85 -0
  2. package/package.json +1 -1
package/README.md ADDED
@@ -0,0 +1,85 @@
1
+ # restore-redact
2
+
3
+ Detect secrets in objects or strings, replace them with opaque UUID tokens, and restore the original values on demand.
4
+
5
+ Built on [`@leakguard/guard`](https://www.npmjs.com/package/@leakguard/guard) for detection and redaction.
6
+
7
+ ## Install
8
+
9
+ ```sh
10
+ npm install restore-redact
11
+ ```
12
+
13
+ ## Usage
14
+
15
+ ```js
16
+ const { detect, restore, clear } = require('restore-redact');
17
+
18
+ const input = {
19
+ service: 'payment-gateway',
20
+ apiKey: 'sk_live_4eC39HqLyjWDarjtT1zdp7dc',
21
+ };
22
+
23
+ const redacted = detect(input);
24
+ // {
25
+ // service: 'payment-gateway',
26
+ // apiKey: '[REDACTED:a3f1c2d4-...]'
27
+ // }
28
+
29
+ const restored = restore(redacted);
30
+ // { service: 'payment-gateway', apiKey: 'sk_live_4eC39HqLyjWDarjtT1zdp7dc' }
31
+
32
+ clear(); // wipe the in-memory store
33
+ ```
34
+
35
+ Works on plain strings too:
36
+
37
+ ```js
38
+ const redacted = detect('token=sk_live_4eC39HqLyjWDarjtT1zdp7dc');
39
+ // 'token=[REDACTED:a3f1c2d4-...]'
40
+
41
+ restore(redacted);
42
+ // 'token=sk_live_4eC39HqLyjWDarjtT1zdp7dc'
43
+ ```
44
+
45
+ ## API
46
+
47
+ ### `detect(data)`
48
+
49
+ Scans `data` (string, object, or array) for secrets. Each unique secret value is assigned a `[REDACTED:<uuid>]` token and the original value is stored in an in-memory Map. Returns the redacted copy; the original is not mutated.
50
+
51
+ The same secret value appearing multiple times in `data` gets the same token.
52
+
53
+ If no secrets are found, `data` is returned as-is.
54
+
55
+ ### `restore(redactedData)`
56
+
57
+ Walks `redactedData` (string, object, or array), finds all `[REDACTED:<uuid>]` tokens, and replaces each with the original value from the store. Tokens with no matching entry (e.g. after `clear()`) are left as-is.
58
+
59
+ ### `clear()`
60
+
61
+ Wipes the in-memory store. Any tokens produced before `clear()` can no longer be resolved.
62
+
63
+ ## Detected secret types
64
+
65
+ Detection is provided by `@leakguard/guard` and covers:
66
+
67
+ - API keys (`sk_live_*`, `sk_test_*`, and similar patterns)
68
+ - JWTs
69
+ - Private keys
70
+ - Passwords
71
+ - Connection strings
72
+ - Auth tokens
73
+ - Credit card numbers
74
+ - Social security numbers
75
+ - High-entropy strings
76
+
77
+ ## Notes
78
+
79
+ - The store is **module-level** and shared across all calls in the same process. Call `clear()` when a request or task completes if you don't want secrets accumulating in memory.
80
+ - `detect` / `restore` handle nested objects and arrays recursively.
81
+ - Unknown token UUIDs passed to `restore` are left unchanged rather than throwing.
82
+
83
+ ## License
84
+
85
+ ISC
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "restore-redact",
3
- "version": "1.0.0",
3
+ "version": "1.0.1",
4
4
  "description": "Detect and tokenise secrets in objects/strings, then restore original values on demand",
5
5
  "main": "index.js",
6
6
  "exports": {