npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@runmeetly/striptease

v0.0.4

Published

Strip sensitive information from objects and arrays

Downloads

3

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

meetly-petermeetly-peter

Keywords

logsloggersensitivesanitizationes6promise

Readme

striptease

Install


$ npm i @runmeetly/striptease

$ yarn add @runmeetly/striptease

What

A small utility that searches a list of arguments and strips out sensitive bits. It does not perform any logging on its own however - it simply processes arguments so that they can be passed on to console or other logging systems.

Why

For fun, and a cheap way to naively remove potentially sensitive information from system logs.

How

Before:

const sensitive = [
  "This",
  "array",
  "contains",
  "sensitive",
  "info",
  {
    id: 42069,
    sensitiveData: "https://www.runmeetly.com"
  }
];

console.log("Take a look at this data: ", sensitive);

// Prints
//
// 'Take a look at this data: [
//     "This",
//     "array",
//     "contains",
//     "sensitive",
//     "info",
//     {
//       id: 42069,
//       sensitiveData: "https://www.runmeetly.com"
//     }
//   ]

After:

const sensitive = [
  "This",
  "array",
  "contains",
  "sensitive",
  "info:",
  {
    id: 42069,
    sensitiveData: "https://www.runmeetly.com"
  }
];

// The sensitive keys to search for and remove
const requiredSensitiveKeysArray = ["email", "sensitiveData"];

// An optional side effect handler for when processing goes wrong
//
// This will always be called, regardless of the whether or not the `failOnError` flag is set.
const optionalPanicHandler = (...errorArgs) => {
  console.error(
    "An error has occurred while processing sensitive data: ",
    ...errorArgs
  );
};

// Maximium depth to dive into nested objects and arrays
const optionalMaxDepth = 4;

// If this flag is set to false, if a strip() operation encounters an error,
// it will return the original arguments passed to it - which may contain sensitive information.
// If this flag is set to true (default), errors in operation will return an empty list, which prevents
// the leaking of potentially sensitive information.
const optionalFailOnError = false;

// If this flag is set to false (default), sensitive data will be replaced with '*'
// If this flag is set to true, sensitive data will be deleted out of the payload
const optionalBare = true;

const stripper = Striptease.create({
  sensitive: requiredSensitiveKeysArray,
  panic: optionalPanicHandler,
  maxDepth: optionalMaxDepth,
  failOnError: optionalFailOnError,
  bare: optionalBare
});

// The result of strip() will always be a Promise that resolves
// to an array, so spread it out to get clean logs
stripper
  .strip("Take a look at this data: ", sensitive)
  .then(result => console.log(...result));

// Prints after delay
//
// 'Take a look at this data: [
//     "This",
//     "array",
//     "contains",
//     "sensitive",
//     "info",
//     {
//       id: 42069
//     }
//   ]

What Can It Do

striptease can search through Arrays [] and Objects {} and remove sensitive information. It can remove this sensitive data by either redacting it, or by completely deleting it from the input as if it was never there. In the case of an Object {} it will remove the key value pair. It can also dive into nested objects and remove sensitive data from those nested objects. It can dive into nested arrays following the logic below.

In the case of an Array [], it will remove the index if it is a String, it can also dive into nested arrays, or nested objects following the object rule above.

You can also configure striptease to only dive to a maxDepth which will prevent it from going so deep that it begins to affect performance. By default it will dive into nested objects that are 4 levels deep.

To attempt to mitigate the performance hit caused by processing potentially large objects, all operations run as async/await coroutine style calls, which should help by offloading work to the closest microtask tick. This means that stripping operations will not block, and will never be immediate. If you have - for some reason - performance critical log expectations, you should strip sensitive information by hand.

What Can't It Do

For performance reasons, striptease will not attempt to strip sensitive information out of plain String arguments passed to it. striptease will only attempt to operate on complex data which is in the form of either an Array [] or an Object {}.

Credit

striptease is primarily developed and maintained by Peter at Meetly.

License

 Copyright 2019 Meetly Inc.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.