A package for filtering sensitive data (parameters, keys) from a variety of JS objects
npm install @amaabca/sensitive-param-filter
sensitive-param-filter is a zero-dependency package designed to filter sensitive values from JavaScript objects.
This package can be used to scrub logs, filer data before outputting to a UI, etc.
The defaults provided with sensitive-param-filter should work well for most applications.
Install sensitive-param-filter to your project via either npm:
npm install @amaabca/sensitive-param-filter
or yarn:
yarn add @amaabca/sensitive-param-filter
``js`
const { SensitiveParamFilter } = require('@amaabca/sensitive-param-filter')
const paramFilter = new SensitiveParamFilter()
const rawObject = {
Authorization: 'Bearer somedatatoken',
body: {
info: '{ "amount": 28.64, "credit_card": "4242424242424242", "cvv": "123" }'
},
method: 'POST',
url: 'https://pay.example.com?user=bob.bobbington&password=asecurepassword1234'
}
const filteredObject = paramFilter.filter(rawObject)
// filteredObject = {
// Authorization: 'FILTERED',
// body: {
// info: '{ "amount": 28.64, "credit_card": "FILTERED", "cvv": "FILTERED" }'
// },
// method: 'POST',
// url: 'https://pay.example.com?user=bob.bobbington&password=FILTERED'
// }
sensitive-param-filter examines keys to determine which values to filter.
Key matching is done in a case-insensitive, partial-macthing manner (that is, if the param AUTH is provided, Authorization, AUTHENTICATION, etc. will be filtered).
* Does not modify input objects
* Performs a deep copy of the input object (note that booleans, numbers, and strings - which are immutable - are technically copied by reference)
* Can be configued to filter out or leave "unexpected" objects (such as functions)
* Handles circular references
* Filters valid JSON strings
* Filters valid and malformed URL query params
* Filters Errors, Arrays, Maps, Sets, and simple objects
`js`
const { SPFDefaultParams, SensitiveParamFilter } = require('@amaabca/sensitive-param-filter')
const filter = new SensitiveParamFilter({
filterUnknown: false,
params: SPFDefaultParams.concat(['data', 'email']),
replacement: '*',
whitelist: ['authentic', 'encryption_standard']
})
* filterUnknown:
Indicates whether "unexpected" objects (such as functions) should be filtered or returned as-is.
Defaults to true
* params:
An array of string params to filter.
These entries will be combined into a regex that is used by sensitive-param-filter.
Setting this option overwrites the default array (SPFDefaultParams).
* replacement:
The object to replace filtered values with.
Defaults to 'FILTERED'.
* whitelist:
An array of strings to exclude from filtering.
For example, if pass_through is including in the whitelist, the key pass_through will not be filtered.secrets
Note that entries must match keys exactly to prevent filtering - that is, whitelisting still causes secrets_store to be filtered.
See defaults.
Note that all of these values can be overridden via the options.
The default keys that are filtered are:
* auth
* bearer
* credit
* CVD
* CVV
* encrypt
* PAN
* pass
* secret
* token
sensitive-param-filter` uses the MIT license.
See the license.
We welcome contributions.
See contributing.