sachii-safe-logger 1.1.5 → 1.2.0

package/README.md

@@ -1,21 +1,175 @@
-# Safe Logger
+# sachii-safe-logger
 
-`safe-logger` is a lightweight TypeScript library for safely masking sensitive information such as **emails, phone numbers, credit card numbers, and tokens**. It’s useful for logging or displaying user data without exposing private details.
+A lightweight TypeScript library to automatically detect and mask sensitive data (emails, credit cards, phone numbers, API tokens, SSN, passwords, etc.) in logs for security and compliance.
 
----
+## Installation
 
-## Features
+```bash
+npm install sachii-safe-logger
+```
 
-- Mask email addresses
-- Mask phone numbers
-- Mask credit card numbers
-- Mask tokens or keys
-- Fully written in TypeScript
-- Works in Node.js and frontend projects
+## 🚀 Quick Start - Auto-Mask All Console Logs
 
----
+Just add **ONE line** at the top of your app and all `console.log` calls will automatically mask sensitive data!
 
-## Installation
+```javascript
+// At the very top of your app entry point (index.js, app.js, server.js)
+require('sachii-safe-logger').enableGlobalMasking();
 
-```bash
-npm install safe-logger
+// That's it! Now ALL console.log calls anywhere in your app auto-mask sensitive data!
+console.log("User email: john@example.com");     // → "User email: j***@example.com"
+console.log("Card: 4111111111111111");           // → "Card: ************1111"
+console.log("Call 555-123-4567");                // → "Call *******4567"
+console.log("SSN: 123-45-6789");                 // → "SSN: ***-**-6789"
+console.log({ password: "secret123" });          // → { password: "sec****123" }
+```
+
+## What Gets Auto-Detected & Masked
+
+| Data Type | Example Input | Masked Output |
+|-----------|---------------|---------------|
+| **Email** | `john@example.com` | `j***@example.com` |
+| **Credit Card** | `4111111111111111` | `************1111` |
+| **Phone** | `555-123-4567` | `*******4567` |
+| **SSN** | `123-45-6789` | `***-**-6789` |
+| **JWT Tokens** | `eyJhbGci...` | `eyJh****...` |
+| **Passwords** | `password=secret` | `password=******` |
+| **IP Addresses** | `192.168.1.100` | `192.***.***100` |
+| **AWS Keys** | `AKIAIOSFODNN7EXAMPLE` | `AKIA****MPLE` |
+| **Basic Auth** | `Basic dXNlcjpwYXNz` | `Basic [REDACTED]` |
+| **URLs with creds** | `https://user:pass@host.com` | `https://user:********@host.com` |
+
+## API Reference
+
+### `enableGlobalMasking(options?)`
+
+Enable auto-masking for all console methods globally. Call once at app startup.
+
+```javascript
+const { enableGlobalMasking } = require('sachii-safe-logger');
+
+// Enable with default options (masks everything)
+enableGlobalMasking();
+
+// Or customize what to mask
+enableGlobalMasking({
+  maskEmail: true,        // default: true
+  maskPhone: true,        // default: true
+  maskCreditCard: true,   // default: true
+  maskSSN: true,          // default: true
+  maskIP: true,           // default: true
+  maskJWT: true,          // default: true
+  maskPasswords: true,    // default: true
+  maskMAC: false,         // default: false
+});
+```
+
+### `disableGlobalMasking()`
+
+Restore original console behavior.
+
+```javascript
+const { disableGlobalMasking } = require('sachii-safe-logger');
+disableGlobalMasking();
+```
+
+### `autoMask(input, options?)`
+
+Mask sensitive data in a single string.
+
+```javascript
+const { autoMask } = require('sachii-safe-logger');
+
+const text = "Contact john@example.com or 555-123-4567";
+console.log(autoMask(text));
+// Output: "Contact j***@example.com or *******4567"
+```
+
+### `autoMaskObject(obj, options?)`
+
+Deep-traverse and mask sensitive data in objects.
+
+```javascript
+const { autoMaskObject } = require('sachii-safe-logger');
+
+const user = {
+  email: "john@example.com",
+  password: "secret123",
+  payment: { cardNumber: "4111111111111111" }
+};
+
+console.log(autoMaskObject(user));
+// Output: { email: "j***@example.com", password: "sec****123", payment: { cardNumber: "************1111" }}
+```
+
+### `createSafeLogger(logger?, options?)`
+
+Wrap any logger (console, winston, pino, bunyan) with auto-masking.
+
+```javascript
+const { createSafeLogger } = require('sachii-safe-logger');
+const winston = require('winston');
+
+const safeLogger = createSafeLogger(winston);
+safeLogger.info("User email: john@example.com"); // Auto-masked!
+```
+
+### Individual Maskers
+
+```javascript
+const { maskEmail, maskPhone, maskCreditCard, maskToken } = require('sachii-safe-logger');
+
+maskEmail("john@example.com");      // "j***@example.com"
+maskPhone("555-123-4567");          // "*******4567"
+maskCreditCard("4111111111111111"); // "************1111"
+maskToken("sk_live_abc123xyz789");  // "sk_l****9789"
+```
+
+### Access Regex Patterns
+
+```javascript
+const { PATTERNS } = require('sachii-safe-logger');
+
+// Use patterns for your own validation/detection
+PATTERNS.EMAIL      // Email regex
+PATTERNS.CREDIT_CARD // Credit card regex
+PATTERNS.SSN        // SSN regex
+PATTERNS.JWT        // JWT regex
+// ... and more
+```
+
+## Custom Patterns
+
+Add your own regex patterns:
+
+```javascript
+enableGlobalMasking({
+  customPatterns: [
+    { name: 'employeeId', pattern: /EMP-\d{6}/g },
+    { name: 'internalCode', pattern: /INT-[A-Z]{3}-\d{4}/g }
+  ]
+});
+```
+
+## TypeScript Support
+
+Full TypeScript support with type definitions included.
+
+```typescript
+import { enableGlobalMasking, autoMask, AutoMaskOptions } from 'sachii-safe-logger';
+
+const options: AutoMaskOptions = {
+  maskEmail: true,
+  maskPhone: false
+};
+
+enableGlobalMasking(options);
+```
+
+## License
+
+MIT
+
+## Author
+
+Sachinandan <sachinandan.priv05@gmail.com>

package/dist/autoMask.d.ts

@@ -0,0 +1,36 @@
+export interface CustomPattern {
+    name: string;
+    pattern: RegExp;
+}
+export interface AutoMaskOptions {
+    maskEmail?: boolean;
+    maskPhone?: boolean;
+    maskCreditCard?: boolean;
+    maskSSN?: boolean;
+    maskIP?: boolean;
+    maskJWT?: boolean;
+    maskBearerToken?: boolean;
+    maskAWSKeys?: boolean;
+    maskPrivateKeys?: boolean;
+    maskPasswords?: boolean;
+    maskBasicAuth?: boolean;
+    maskURLCredentials?: boolean;
+    maskMAC?: boolean;
+    customPatterns?: CustomPattern[];
+    preserveLength?: boolean;
+    maskChar?: string;
+}
+export interface SafeLogger {
+    log: (...args: any[]) => void;
+    info: (...args: any[]) => void;
+    warn: (...args: any[]) => void;
+    error: (...args: any[]) => void;
+    debug: (...args: any[]) => void;
+    trace: (...args: any[]) => void;
+    _original: any;
+    setOptions: (newOptions: Partial<AutoMaskOptions>) => void;
+}
+export declare function maskMatch(match: string, type: string, options?: Partial<AutoMaskOptions>): string;
+export declare function autoMask(input: string, options?: AutoMaskOptions): string;
+export declare function autoMaskObject<T>(obj: T, options?: AutoMaskOptions): T;
+export declare function createSafeLogger(logger?: any, options?: AutoMaskOptions): SafeLogger;

package/dist/autoMask.js

@@ -0,0 +1,194 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.maskMatch = maskMatch;
+exports.autoMask = autoMask;
+exports.autoMaskObject = autoMaskObject;
+exports.createSafeLogger = createSafeLogger;
+const patterns_1 = require("./patterns");
+const email_1 = require("./maskers/email");
+const phone_1 = require("./maskers/phone");
+const creditCard_1 = require("./maskers/creditCard");
+const tokens_1 = require("./maskers/tokens");
+const DEFAULT_OPTIONS = {
+    maskEmail: true,
+    maskPhone: true,
+    maskCreditCard: true,
+    maskSSN: true,
+    maskIP: true,
+    maskJWT: true,
+    maskBearerToken: true,
+    maskAWSKeys: true,
+    maskPrivateKeys: true,
+    maskPasswords: true,
+    maskBasicAuth: true,
+    maskURLCredentials: true,
+    maskMAC: false,
+    customPatterns: [],
+    preserveLength: true,
+    maskChar: '*'
+};
+function maskMatch(match, type, options = {}) {
+    const { preserveLength = true, maskChar = '*' } = options;
+    switch (type) {
+        case 'email':
+            return (0, email_1.maskEmail)(match);
+        case 'phone':
+            return (0, phone_1.maskPhone)(match);
+        case 'creditCard':
+        case 'creditCardFormatted':
+            if (match.includes('-') || match.includes(' ')) {
+                const cleaned = match.replace(/[-\s]/g, '');
+                const masked = (0, creditCard_1.maskCreditCard)(cleaned);
+                let result = '';
+                let maskIndex = 0;
+                for (let i = 0; i < match.length; i++) {
+                    if (match[i] === '-' || match[i] === ' ') {
+                        result += match[i];
+                    }
+                    else {
+                        result += masked[maskIndex++];
+                    }
+                }
+                return result;
+            }
+            return (0, creditCard_1.maskCreditCard)(match);
+        case 'ssn':
+            const ssnClean = match.replace(/[-\s]/g, '');
+            if (match.includes('-')) {
+                return `${maskChar.repeat(3)}-${maskChar.repeat(2)}-${ssnClean.slice(-4)}`;
+            }
+            return maskChar.repeat(5) + ssnClean.slice(-4);
+        case 'ipv4':
+            const octets = match.split('.');
+            return `${octets[0]}.${maskChar.repeat(3)}.${maskChar.repeat(3)}.${octets[3]}`;
+        case 'jwt':
+        case 'bearerToken':
+        case 'awsAccessKey':
+            return (0, tokens_1.maskToken)(match);
+        case 'privateKey':
+            return `-----BEGIN PRIVATE KEY-----\n[REDACTED]\n-----END PRIVATE KEY-----`;
+        case 'password':
+            const pwdMatch = match.match(/^(password|passwd|pwd|secret|credential)[=:\s]["']?/i);
+            if (pwdMatch) {
+                const prefix = pwdMatch[0];
+                const value = match.slice(prefix.length).replace(/["']$/, '');
+                return prefix + maskChar.repeat(value.length);
+            }
+            return maskChar.repeat(match.length);
+        case 'basicAuth':
+            return 'Basic [REDACTED]';
+        case 'urlWithCredentials':
+            return match.replace(/\/\/([^:]+):([^@]+)@/, `//$1:${maskChar.repeat(8)}@`);
+        case 'macAddress':
+            const macParts = match.split(/[:-]/);
+            const separator = match.includes(':') ? ':' : '-';
+            return `${macParts[0]}${separator}${maskChar.repeat(2)}${separator}${maskChar.repeat(2)}${separator}${maskChar.repeat(2)}${separator}${maskChar.repeat(2)}${separator}${macParts[5]}`;
+        default:
+            if (preserveLength) {
+                return maskChar.repeat(match.length);
+            }
+            return '[REDACTED]';
+    }
+}
+function autoMask(input, options = {}) {
+    if (!input || typeof input !== 'string') {
+        return input || '';
+    }
+    const opts = { ...DEFAULT_OPTIONS, ...options };
+    let result = input;
+    const patternsToApply = [];
+    if (opts.maskEmail)
+        patternsToApply.push({ type: 'email', pattern: patterns_1.PATTERNS.EMAIL });
+    if (opts.maskPhone)
+        patternsToApply.push({ type: 'phone', pattern: patterns_1.PATTERNS.PHONE });
+    if (opts.maskCreditCard) {
+        patternsToApply.push({ type: 'creditCard', pattern: patterns_1.PATTERNS.CREDIT_CARD });
+        patternsToApply.push({ type: 'creditCardFormatted', pattern: patterns_1.PATTERNS.CREDIT_CARD_FORMATTED });
+    }
+    if (opts.maskSSN)
+        patternsToApply.push({ type: 'ssn', pattern: patterns_1.PATTERNS.SSN });
+    if (opts.maskIP)
+        patternsToApply.push({ type: 'ipv4', pattern: patterns_1.PATTERNS.IPV4 });
+    if (opts.maskJWT)
+        patternsToApply.push({ type: 'jwt', pattern: patterns_1.PATTERNS.JWT });
+    if (opts.maskBearerToken)
+        patternsToApply.push({ type: 'bearerToken', pattern: patterns_1.PATTERNS.BEARER_TOKEN });
+    if (opts.maskAWSKeys)
+        patternsToApply.push({ type: 'awsAccessKey', pattern: patterns_1.PATTERNS.AWS_ACCESS_KEY });
+    if (opts.maskPrivateKeys)
+        patternsToApply.push({ type: 'privateKey', pattern: patterns_1.PATTERNS.PRIVATE_KEY });
+    if (opts.maskPasswords)
+        patternsToApply.push({ type: 'password', pattern: patterns_1.PATTERNS.PASSWORD_FIELD });
+    if (opts.maskBasicAuth)
+        patternsToApply.push({ type: 'basicAuth', pattern: patterns_1.PATTERNS.BASIC_AUTH });
+    if (opts.maskURLCredentials)
+        patternsToApply.push({ type: 'urlWithCredentials', pattern: patterns_1.PATTERNS.URL_WITH_CREDENTIALS });
+    if (opts.maskMAC)
+        patternsToApply.push({ type: 'macAddress', pattern: patterns_1.PATTERNS.MAC_ADDRESS });
+    if (opts.customPatterns && opts.customPatterns.length > 0) {
+        for (const custom of opts.customPatterns) {
+            patternsToApply.push({ type: custom.name || 'custom', pattern: custom.pattern });
+        }
+    }
+    for (const { type, pattern } of patternsToApply) {
+        const regex = new RegExp(pattern.source, pattern.flags);
+        result = result.replace(regex, (match) => maskMatch(match, type, opts));
+    }
+    return result;
+}
+function autoMaskObject(obj, options = {}) {
+    if (obj === null || obj === undefined) {
+        return obj;
+    }
+    if (typeof obj === 'string') {
+        return autoMask(obj, options);
+    }
+    if (Array.isArray(obj)) {
+        return obj.map(item => autoMaskObject(item, options));
+    }
+    if (typeof obj === 'object') {
+        const result = {};
+        for (const [key, value] of Object.entries(obj)) {
+            const sensitiveKeys = ['password', 'passwd', 'pwd', 'secret', 'token', 'apikey',
+                'api_key', 'apiKey', 'auth', 'authorization', 'credential', 'private',
+                'ssn', 'creditcard', 'credit_card', 'creditCard', 'cardNumber', 'card_number',
+                'cvv', 'pin', 'accessToken', 'access_token', 'refreshToken', 'refresh_token',
+                'bearer', 'jwt', 'sessionId', 'session_id'];
+            const lowerKey = key.toLowerCase();
+            const isSensitiveKey = sensitiveKeys.some(sk => lowerKey.includes(sk.toLowerCase()));
+            if (isSensitiveKey && typeof value === 'string') {
+                result[key] = (0, tokens_1.maskToken)(value);
+            }
+            else {
+                result[key] = autoMaskObject(value, options);
+            }
+        }
+        return result;
+    }
+    return obj;
+}
+function createSafeLogger(logger = console, options = {}) {
+    const processArgs = (args) => {
+        return args.map(arg => {
+            if (typeof arg === 'string') {
+                return autoMask(arg, options);
+            }
+            if (typeof arg === 'object' && arg !== null) {
+                return autoMaskObject(arg, options);
+            }
+            return arg;
+        });
+    };
+    return {
+        log: (...args) => logger.log(...processArgs(args)),
+        info: (...args) => logger.info(...processArgs(args)),
+        warn: (...args) => logger.warn(...processArgs(args)),
+        error: (...args) => logger.error(...processArgs(args)),
+        debug: (...args) => logger.debug ? logger.debug(...processArgs(args)) : logger.log(...processArgs(args)),
+        trace: (...args) => logger.trace ? logger.trace(...processArgs(args)) : logger.log(...processArgs(args)),
+        _original: logger,
+        setOptions: (newOptions) => {
+            Object.assign(options, newOptions);
+        }
+    };
+}

package/dist/globalMask.d.ts

@@ -0,0 +1,20 @@
+import { AutoMaskOptions } from "./autoMask";
+/**
+ * Enable global console masking - all console.log, console.info, etc. will auto-mask sensitive data
+ * @param options - Masking options (same as autoMask options)
+ * @example
+ * require('sachii-safe-logger').enableGlobalMasking();
+ *
+ * // Now all console.log calls will auto-mask!
+ * console.log("Email: john@example.com"); // Output: "Email: j***@example.com"
+ * console.log("Card: 4111111111111111");  // Output: "Card: ************1111"
+ */
+export declare function enableGlobalMasking(options?: AutoMaskOptions): void;
+/**
+ * Disable global console masking and restore original console methods
+ */
+export declare function disableGlobalMasking(): void;
+/**
+ * Check if global masking is currently enabled
+ */
+export declare function isGlobalMaskingEnabled(): boolean;

package/dist/globalMask.js

@@ -0,0 +1,88 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.enableGlobalMasking = enableGlobalMasking;
+exports.disableGlobalMasking = disableGlobalMasking;
+exports.isGlobalMaskingEnabled = isGlobalMaskingEnabled;
+const autoMask_1 = require("./autoMask");
+const originalConsole = {
+    log: console.log.bind(console),
+    info: console.info.bind(console),
+    warn: console.warn.bind(console),
+    error: console.error.bind(console),
+    debug: console.debug.bind(console),
+    trace: console.trace.bind(console)
+};
+let isEnabled = false;
+let globalOptions = {};
+function processArgs(args) {
+    return args.map(arg => {
+        if (typeof arg === 'string') {
+            return (0, autoMask_1.autoMask)(arg, globalOptions);
+        }
+        if (typeof arg === 'object' && arg !== null) {
+            try {
+                return (0, autoMask_1.autoMaskObject)(JSON.parse(JSON.stringify(arg)), globalOptions);
+            }
+            catch (e) {
+                return arg;
+            }
+        }
+        return arg;
+    });
+}
+/**
+ * Enable global console masking - all console.log, console.info, etc. will auto-mask sensitive data
+ * @param options - Masking options (same as autoMask options)
+ * @example
+ * require('sachii-safe-logger').enableGlobalMasking();
+ *
+ * // Now all console.log calls will auto-mask!
+ * console.log("Email: john@example.com"); // Output: "Email: j***@example.com"
+ * console.log("Card: 4111111111111111");  // Output: "Card: ************1111"
+ */
+function enableGlobalMasking(options = {}) {
+    if (isEnabled) {
+        globalOptions = { ...globalOptions, ...options };
+        return;
+    }
+    globalOptions = options;
+    isEnabled = true;
+    console.log = function (...args) {
+        originalConsole.log(...processArgs(args));
+    };
+    console.info = function (...args) {
+        originalConsole.info(...processArgs(args));
+    };
+    console.warn = function (...args) {
+        originalConsole.warn(...processArgs(args));
+    };
+    console.error = function (...args) {
+        originalConsole.error(...processArgs(args));
+    };
+    console.debug = function (...args) {
+        originalConsole.debug(...processArgs(args));
+    };
+    console.trace = function (...args) {
+        originalConsole.trace(...processArgs(args));
+    };
+}
+/**
+ * Disable global console masking and restore original console methods
+ */
+function disableGlobalMasking() {
+    if (!isEnabled)
+        return;
+    isEnabled = false;
+    console.log = originalConsole.log;
+    console.info = originalConsole.info;
+    console.warn = originalConsole.warn;
+    console.error = originalConsole.error;
+    console.debug = originalConsole.debug;
+    console.trace = originalConsole.trace;
+}
+/**
+ * Check if global masking is currently enabled
+ */
+function isGlobalMaskingEnabled() {
+    return isEnabled;
+}

package/dist/index.d.ts

@@ -2,3 +2,6 @@ export { maskEmail } from "./maskers/email";
 export { maskPhone } from "./maskers/phone";
 export { maskCreditCard } from "./maskers/creditCard";
 export { maskToken } from "./maskers/tokens";
+export { autoMask, autoMaskObject, createSafeLogger, maskMatch, AutoMaskOptions, CustomPattern, SafeLogger } from "./autoMask";
+export { PATTERNS, SENSITIVE_PATTERNS, SensitivePattern } from "./patterns";
+export { enableGlobalMasking, disableGlobalMasking, isGlobalMaskingEnabled } from "./globalMask";

package/dist/index.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.maskToken = exports.maskCreditCard = exports.maskPhone = exports.maskEmail = void 0;
+exports.isGlobalMaskingEnabled = exports.disableGlobalMasking = exports.enableGlobalMasking = exports.SENSITIVE_PATTERNS = exports.PATTERNS = exports.maskMatch = exports.createSafeLogger = exports.autoMaskObject = exports.autoMask = exports.maskToken = exports.maskCreditCard = exports.maskPhone = exports.maskEmail = void 0;
+// Individual maskers
 var email_1 = require("./maskers/email");
 Object.defineProperty(exports, "maskEmail", { enumerable: true, get: function () { return email_1.maskEmail; } });
 var phone_1 = require("./maskers/phone");
@@ -9,3 +10,18 @@ var creditCard_1 = require("./maskers/creditCard");
 Object.defineProperty(exports, "maskCreditCard", { enumerable: true, get: function () { return creditCard_1.maskCreditCard; } });
 var tokens_1 = require("./maskers/tokens");
 Object.defineProperty(exports, "maskToken", { enumerable: true, get: function () { return tokens_1.maskToken; } });
+// Auto-detection and masking
+var autoMask_1 = require("./autoMask");
+Object.defineProperty(exports, "autoMask", { enumerable: true, get: function () { return autoMask_1.autoMask; } });
+Object.defineProperty(exports, "autoMaskObject", { enumerable: true, get: function () { return autoMask_1.autoMaskObject; } });
+Object.defineProperty(exports, "createSafeLogger", { enumerable: true, get: function () { return autoMask_1.createSafeLogger; } });
+Object.defineProperty(exports, "maskMatch", { enumerable: true, get: function () { return autoMask_1.maskMatch; } });
+// Patterns for custom usage
+var patterns_1 = require("./patterns");
+Object.defineProperty(exports, "PATTERNS", { enumerable: true, get: function () { return patterns_1.PATTERNS; } });
+Object.defineProperty(exports, "SENSITIVE_PATTERNS", { enumerable: true, get: function () { return patterns_1.SENSITIVE_PATTERNS; } });
+// Global console masking
+var globalMask_1 = require("./globalMask");
+Object.defineProperty(exports, "enableGlobalMasking", { enumerable: true, get: function () { return globalMask_1.enableGlobalMasking; } });
+Object.defineProperty(exports, "disableGlobalMasking", { enumerable: true, get: function () { return globalMask_1.disableGlobalMasking; } });
+Object.defineProperty(exports, "isGlobalMaskingEnabled", { enumerable: true, get: function () { return globalMask_1.isGlobalMaskingEnabled; } });

package/dist/patterns.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Comprehensive regex patterns for detecting sensitive data
+ */
+export declare const PATTERNS: {
+    EMAIL: RegExp;
+    PHONE: RegExp;
+    PHONE_INTERNATIONAL: RegExp;
+    CREDIT_CARD: RegExp;
+    CREDIT_CARD_FORMATTED: RegExp;
+    SSN: RegExp;
+    IPV4: RegExp;
+    IPV6: RegExp;
+    API_KEY: RegExp;
+    BEARER_TOKEN: RegExp;
+    JWT: RegExp;
+    GENERIC_TOKEN: RegExp;
+    HEX_TOKEN: RegExp;
+    AWS_ACCESS_KEY: RegExp;
+    AWS_SECRET_KEY: RegExp;
+    PRIVATE_KEY: RegExp;
+    PASSWORD_FIELD: RegExp;
+    BANK_ACCOUNT: RegExp;
+    PASSPORT: RegExp;
+    DOB: RegExp;
+    MAC_ADDRESS: RegExp;
+    URL_WITH_CREDENTIALS: RegExp;
+    BASIC_AUTH: RegExp;
+    DRIVERS_LICENSE: RegExp;
+};
+export interface SensitivePattern {
+    pattern: RegExp;
+    priority: number;
+    description: string;
+}
+/**
+ * Sensitive data types with their patterns and masking strategies
+ */
+export declare const SENSITIVE_PATTERNS: Record<string, SensitivePattern>;

package/dist/patterns.js

@@ -0,0 +1,124 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SENSITIVE_PATTERNS = exports.PATTERNS = void 0;
+/**
+ * Comprehensive regex patterns for detecting sensitive data
+ */
+exports.PATTERNS = {
+    // Email addresses
+    EMAIL: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g,
+    // Phone numbers (various formats)
+    PHONE: /\b(?:\+?1[-.\s]?)?\(?[0-9]{3}\)?[-.\s]?[0-9]{3}[-.\s]?[0-9]{4}\b/g,
+    PHONE_INTERNATIONAL: /\b\+?[1-9]\d{1,14}\b/g,
+    // Credit card numbers (Visa, MasterCard, Amex, Discover, etc.)
+    CREDIT_CARD: /\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11})\b/g,
+    CREDIT_CARD_FORMATTED: /\b(?:\d{4}[-\s]?){3}\d{4}\b/g,
+    // Social Security Numbers (US)
+    SSN: /\b(?!000|666|9\d{2})\d{3}[-\s]?(?!00)\d{2}[-\s]?(?!0000)\d{4}\b/g,
+    // IP Addresses
+    IPV4: /\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/g,
+    IPV6: /\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b/g,
+    // API Keys and Tokens (common patterns)
+    API_KEY: /\b(?:api[_-]?key|apikey|api[_-]?token)[=:\s]["']?([a-zA-Z0-9_-]{20,})/gi,
+    BEARER_TOKEN: /\bBearer\s+[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+/gi,
+    JWT: /\beyJ[A-Za-z0-9_-]*\.eyJ[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*/g,
+    // Generic long tokens/secrets (base64, hex)
+    GENERIC_TOKEN: /\b[A-Za-z0-9+/]{40,}={0,2}\b/g,
+    HEX_TOKEN: /\b[a-fA-F0-9]{32,}\b/g,
+    // AWS Keys
+    AWS_ACCESS_KEY: /\b(?:AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16}\b/g,
+    AWS_SECRET_KEY: /\b[A-Za-z0-9/+=]{40}\b/g,
+    // Private Keys
+    PRIVATE_KEY: /-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----[\s\S]*?-----END\s+(?:RSA\s+)?PRIVATE\s+KEY-----/g,
+    // Passwords in common log formats
+    PASSWORD_FIELD: /(?:password|passwd|pwd|secret|credential)[=:\s]["']?([^\s"'&]+)/gi,
+    // Bank Account Numbers (basic pattern)
+    BANK_ACCOUNT: /\b\d{9,18}\b/g,
+    // Passport Numbers (various countries - basic)
+    PASSPORT: /\b[A-Z]{1,2}[0-9]{6,9}\b/g,
+    // Date of Birth patterns
+    DOB: /\b(?:0?[1-9]|1[0-2])[-/](?:0?[1-9]|[12]\d|3[01])[-/](?:19|20)\d{2}\b/g,
+    // MAC Addresses
+    MAC_ADDRESS: /\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b/g,
+    // URLs with credentials
+    URL_WITH_CREDENTIALS: /\b(?:https?|ftp):\/\/[^:@\s]+:[^:@\s]+@[^\s]+/g,
+    // Basic Auth headers
+    BASIC_AUTH: /\bBasic\s+[A-Za-z0-9+/]+=*\b/gi,
+    // Driver's License (US - varies by state, basic pattern)
+    DRIVERS_LICENSE: /\b[A-Z]{1,2}[0-9]{5,8}\b/g,
+};
+/**
+ * Sensitive data types with their patterns and masking strategies
+ */
+exports.SENSITIVE_PATTERNS = {
+    email: {
+        pattern: exports.PATTERNS.EMAIL,
+        priority: 1,
+        description: "Email addresses"
+    },
+    phone: {
+        pattern: exports.PATTERNS.PHONE,
+        priority: 2,
+        description: "Phone numbers"
+    },
+    creditCard: {
+        pattern: exports.PATTERNS.CREDIT_CARD,
+        priority: 1,
+        description: "Credit card numbers"
+    },
+    creditCardFormatted: {
+        pattern: exports.PATTERNS.CREDIT_CARD_FORMATTED,
+        priority: 1,
+        description: "Formatted credit card numbers"
+    },
+    ssn: {
+        pattern: exports.PATTERNS.SSN,
+        priority: 1,
+        description: "Social Security Numbers"
+    },
+    ipv4: {
+        pattern: exports.PATTERNS.IPV4,
+        priority: 3,
+        description: "IPv4 addresses"
+    },
+    jwt: {
+        pattern: exports.PATTERNS.JWT,
+        priority: 1,
+        description: "JWT tokens"
+    },
+    bearerToken: {
+        pattern: exports.PATTERNS.BEARER_TOKEN,
+        priority: 1,
+        description: "Bearer tokens"
+    },
+    awsAccessKey: {
+        pattern: exports.PATTERNS.AWS_ACCESS_KEY,
+        priority: 1,
+        description: "AWS Access Keys"
+    },
+    privateKey: {
+        pattern: exports.PATTERNS.PRIVATE_KEY,
+        priority: 1,
+        description: "Private keys"
+    },
+    password: {
+        pattern: exports.PATTERNS.PASSWORD_FIELD,
+        priority: 1,
+        description: "Passwords in log strings"
+    },
+    basicAuth: {
+        pattern: exports.PATTERNS.BASIC_AUTH,
+        priority: 1,
+        description: "Basic auth headers"
+    },
+    urlWithCredentials: {
+        pattern: exports.PATTERNS.URL_WITH_CREDENTIALS,
+        priority: 1,
+        description: "URLs containing credentials"
+    },
+    macAddress: {
+        pattern: exports.PATTERNS.MAC_ADDRESS,
+        priority: 3,
+        description: "MAC addresses"
+    }
+};

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "sachii-safe-logger",
-    "version": "1.1.5",
+    "version": "1.2.0",
     "description": "A lightweight TypeScript library to mask sensitive data (emails, credit cards, phone numbers, API tokens) in logs for security and compliance.",
     "main": "dist/index.js",
     "types": "dist/index.d.ts",