npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

har-cleaner

v0.0.5

Published

Library to clean data out of HAR files. Useful for security automation.

Downloads

7

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

boris-abregaboris-abrega

Keywords

Readme

har-cleaner

Library designed to clean sensitive data out of HAR files.

Built for, and used in Securely for Jira. Securely will automatically scrub sensitive data out of HAR files attached to Jira and help users scrub files before ever uploading them to Jira.

If you want to use this as a standalone web app check out Securely for Web by Abrega. This is deployed from the web subdirectory in this repository to Cloudflare Pages.

Zero dependencies.

Usage

Import the library into your code:

import { sanitizeHar } from "har-cleaner";

Call the function with whatever options you want:

scrubbedHar = sanitizeHar(harObject, {
    scrubAllCookies: options.scrubAllCookies,
    scrubSpecificCookie: options.scrubSpecificCookie,
    scrubAllRequestHeaders: options.scrubAllRequestHeaders,
    scrubSpecificHeader: options.scrubSpecificHeader,
    scrubAllResponseHeaders: options.scrubAllResponseHeaders,
    scrubSpecificResponseHeader: options.scrubSpecificResponseHeader,
    scrubAllQueryParams: options.scrubAllQueryParams,
    scrubSpecificQueryParam: options.scrubSpecificQueryParam,
    scrubAllPostParams: options.scrubAllPostParams,
    scrubSpecificPostParam: options.scrubSpecificPostParam,
    scrubAllBodyContents: options.scrubAllBodyContents,
    scrubSpecificMimeTypes: options.scrubSpecificMimeTypes
});

If you don't specify an option, then the library will use the relevant default value. Default values are defined in this block:

const effectiveOptions = {
    scrubAllRequestHeaders: options?.scrubAllRequestHeaders || false,
    scrubAllCookies: options?.scrubAllCookies || false,
    scrubAllQueryParams: options?.scrubAllQueryParams || false,
    scrubAllPostParams: options?.scrubAllPostParams || false,
    scrubAllResponseHeaders: options?.scrubAllResponseHeaders || false,
    scrubAllBodyContents: options?.scrubAllBodyContents || false,
    scrubSpecificMimeTypes: options?.scrubSpecificMimeTypes || defaultMimeTypesList,
    scrubSpecificHeader: options?.scrubSpecificHeader || defaultRequestHeadersList,
    scrubSpecificCookie: options?.scrubSpecificCookie || defaultCookiesList,
    scrubSpecificQueryParam: options?.scrubSpecificQueryParam || defaultQueryPostParamsList,
    scrubSpecificPostParam: options?.scrubSpecificPostParam || defaultQueryPostParamsList,
    scrubSpecificResponseHeader: options?.scrubSpecificResponseHeader || defaultResponseHeadersList,
};

The various default word lists are defined in the file itself. These lists are based on Cloudflare's har-sanitizer library. However, we hope to evolve them to be option specific for clarity and performance reasons.

Default lists are exported so you can access them in other parts of your code easily via:

import { defaultMimeTypesList, defaultRequestHeadersList } from 'har-cleaner';

Allow vs Denylisting

This likely needs some better terminology and explanation, but the logic within the code allows for any given object to act in either allow or denylist mode. Let's walk through an example to make this easy to understand:

  • You have a HAR file with a request header called Example.
  • If you set scrubAllRequestHeaders to true, and leave everything else alone, the Example header will be removed.
  • If you set scrubAllRequestHeaders to true, and set scrubSpecificHeader to ['Example'] then everything other than Example will be removed.
  • If you set scrubAllRequestHeaders to false, and leave everything else alone, the Example header will be left in place.
  • If you set scrubAllRequestHeaders to false, and set scrubSpecificHeader to ['Example'] then only the Example header will be removed.

The same thing applies to the other matched options:

  • scrubAllRequestHeaders <> scrubSpecificHeader
  • scrubAllCookies <> scrubSpecificCookie
  • scrubAllQueryParams <> scrubSpecificQueryParam
  • scrubAllPostParams <> scrubSpecificPostParam
  • scrubAllResponseHeaders <> scrubSpecificResponseHeader
  • scrubAllBodyContents <> scrubSpecificMimeTypes

Licensing

This software is dual licensed under an AGPL license plus a commercial license. If you would like to use this in your software without complying with the AGPL license please contact us.

Collaborating

Since this software is dual licensed under AGPL and a commercial license, any external contributions will be asked to sign a CLA.

Quality

This is our first time releasing a library and we're still learning how to do this. Please be kind and provide constructive criticism.