npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

sensitive-param-filter

v2.0.4

Published

A package for filtering sensitive data from any object - best used to sanitize logs.

Downloads

6

Readme

Sensitive Param Filter

sensitive-param-filter is a zero-dependency package designed to filter sensitive values from JavaScript objects. This package can be used to scrub logs, filter data before outputting to a UI, etc. The defaults provided with sensitive-param-filter should work well for most applications.

Installation

npm install sensitive-param-filter

Usage

import { SensitiveParamFilter } from 'sensitive-param-filter';
const paramFilter = new SensitiveParamFilter();
const rawObject = {
  Authorization: 'Bearer somedatatoken',
  body: {
    info: '{ "amount": 28.64, "credit_card": "4242424242424242", "cvv": "123" }',
  },
  method: 'POST',
  url: 'https://pay.example.com?user=bob.bobbington&password=asecurepassword1234',
};
const filteredObject = paramFilter.filter(rawObject);
// filteredObject = {
//   Authorization: 'FILTERED',
//   body: {
//     info: '{ "amount": 28.64, "credit_card": "FILTERED", "cvv": "FILTERED" }'
//   },
//   method: 'POST',
//   url: 'https://pay.example.com?user=bob.bobbington&password=FILTERED'
// }

Details

sensitive-param-filter examines keys to determine which values to filter. Partial matches and case-insensitive matches are filtered - if the key AUTH is provided, Authorization, AUTHENTICATION, etc. will be filtered.

Key Features

  • Does not modify input objects
  • Performs a deep copy of the input object
  • Can be configued to filter out or leave "unexpected" objects (such as functions)
  • Handles circular references
  • Filters valid JSON strings
  • Filters valid and malformed URL query params
  • Filters Errors, Arrays, Maps, Sets, and simple objects

Options

import { SPFDefaultFilteredKeys, SensitiveParamFilter } from 'sensitive-param-filter';
const filter = new SensitiveParamFilter({
  filterUnknown: false,
  keysToFilter: SPFDefaultFilteredKeys.concat(['data', 'email']),
  replacement: '***',
  whitelist: ['authentic', 'encryption_standard'],
});
  • filterUnknown: Indicates whether "unexpected" objects (such as functions) should be filtered or returned as-is. Defaults to true

  • keysToFilter: An array of string keys to filter. These entries will be combined into a regex that is used by sensitive-param-filter. Setting this option overwrites the default array (SPFDefaultFilteredKeys).

  • replacement: The object to replace filtered values with. Defaults to 'FILTERED'.

  • whitelist: An array of strings to exclude from filtering. For example, if pass_through is including in the whitelist, the key pass_through will not be filtered. Note that entries must match keys exactly to prevent filtering - that is, whitelisting secrets still causes secrets_store to be filtered.

Default Values

See defaults. Note that all of these values can be overridden via the options.

The default keys that are filtered are:

  • auth
  • bearer
  • credit
  • CVD
  • CVV
  • encrypt
  • PAN
  • pass
  • secret
  • token