npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@amaabca/sensitive-param-filter

v1.2.10

Published

A package for filtering sensitive data (parameters, keys) from a variety of JS objects

Downloads

1,153

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

david.dowiedavid.dowiechannel.developer.amachannel.developer.amawinnie.howinnie.honabboud_amanabboud_amamathieugilbertmathieugilbertray.stroud.amaabcaray.stroud.amaabcarubenerubenemarkcalderamamarkcalderamajason.badenjason.badenzoieczoiecdarko.dosenovicdarko.dosenovic

Keywords

sensitivefiltersecurity

Readme

Sensitive Param Filter

Build Status

sensitive-param-filter is a zero-dependency package designed to filter sensitive values from JavaScript objects. This package can be used to scrub logs, filer data before outputting to a UI, etc. The defaults provided with sensitive-param-filter should work well for most applications.

Installation

Install sensitive-param-filter to your project via either npm:

npm install @amaabca/sensitive-param-filter

or yarn:

yarn add @amaabca/sensitive-param-filter

Usage

const { SensitiveParamFilter } = require('@amaabca/sensitive-param-filter')
const paramFilter = new SensitiveParamFilter()
const rawObject = {
  Authorization: 'Bearer somedatatoken',
  body: {
    info: '{ "amount": 28.64, "credit_card": "4242424242424242", "cvv": "123" }'
  },
  method: 'POST',
  url: 'https://pay.example.com?user=bob.bobbington&password=asecurepassword1234'
}
const filteredObject = paramFilter.filter(rawObject)
// filteredObject = {
//   Authorization: 'FILTERED',
//   body: {
//     info: '{ "amount": 28.64, "credit_card": "FILTERED", "cvv": "FILTERED" }'
//   },
//   method: 'POST',
//   url: 'https://pay.example.com?user=bob.bobbington&password=FILTERED'
// }

Details

sensitive-param-filter examines keys to determine which values to filter. Key matching is done in a case-insensitive, partial-macthing manner (that is, if the param AUTH is provided, Authorization, AUTHENTICATION, etc. will be filtered).

Key Features

  • Does not modify input objects
  • Performs a deep copy of the input object (note that booleans, numbers, and strings - which are immutable - are technically copied by reference)
  • Can be configued to filter out or leave "unexpected" objects (such as functions)
  • Handles circular references
  • Filters valid JSON strings
  • Filters valid and malformed URL query params
  • Filters Errors, Arrays, Maps, Sets, and simple objects

Options

const { SPFDefaultParams, SensitiveParamFilter } = require('@amaabca/sensitive-param-filter')
const filter = new SensitiveParamFilter({
  filterUnknown: false,
  params: SPFDefaultParams.concat(['data', 'email']),
  replacement: '***',
  whitelist: ['authentic', 'encryption_standard']
})

  • filterUnknown: Indicates whether "unexpected" objects (such as functions) should be filtered or returned as-is. Defaults to true

  • params: An array of string params to filter. These entries will be combined into a regex that is used by sensitive-param-filter. Setting this option overwrites the default array (SPFDefaultParams).

  • replacement: The object to replace filtered values with. Defaults to 'FILTERED'.

  • whitelist: An array of strings to exclude from filtering. For example, if pass_through is including in the whitelist, the key pass_through will not be filtered. Note that entries must match keys exactly to prevent filtering - that is, whitelisting secrets still causes secrets_store to be filtered.

Default Values

See defaults. Note that all of these values can be overridden via the options.

The default keys that are filtered are:

  • auth
  • bearer
  • credit
  • CVD
  • CVV
  • encrypt
  • PAN
  • pass
  • secret
  • token

License & Contributing

sensitive-param-filter uses the MIT license. See the license.

We welcome contributions. See contributing.