@agiledigital/pino-redact-pii v2.0.0
Pino + redact-pii
A collection of redaction solutions focused on Pino and redact-pii.
Usage
npm add @agiledigital/pino-redact-pii
This package contains a set of opinionated redaction paths for usage with Pino's built-in redaction capability. You are encouraged to contribute other paths that are known to contain sensitive information in objects from popular libraries or Node/browser built-ins.
To use them:
import { pino } from "pino";
import {
defaultRedactionPathsWithWildcardPrefix,
} from "@agiledigital/pino-redact-pii";
const customPaths = ["..."];
const logger = pino({
redact: {
paths: [...defaultRedactionPathsWithWildcardPrefix, ...customPaths],
},
});
This package also contains a wrapper around redact-pii
that makes it convenient to plug into Pino.
To use it:
import { pino } from "pino";
import { pinoPiiRedactor } from "@agiledigital/pino-redact-pii";
// This uses the default redactor. You can specify your own as an argument to `pinoPiiRedactor`.
const redactor = pinoPiiRedactor();
const logger = pino({
formatters: {
log: redactor,
},
});
You can combine both approaches.
Finally, this package contains a safeStringify
function that provides a few benefits over JSON.stringify
. You can use it without Pino.
- It supports circular structures (whereas
JSON.stringify
would throw). It replaces them with"[circular]"
, similar to Node'sutil.inspect
(but with no Node dependency). - It doesn't throw - it returns a success/failure discriminated union.
- It returns a failure if the result of stringification is not a string (e.g. if it is undefined)
- It will return a failure if you try to stringify an object that contains a BigInt (as per
JSON.stringify
). The workarounds are the same as forJSON.stringify
. See https://github.com/GoogleChromeLabs/jsbi/issues/30
import { defaultRedactor, safeStringify } from "@agiledigital/pino-redact-pii";
const obj = { text: "I might contain PII" };
// No redaction
const result = safeStringify(obj);
if (result.success) {
const str = result.value;
}
// With redaction
const reactor = defaultRedactor();
const result2 = safeStringify(obj, reactor);
The underlying redactor from the redact-pii
package can take a few seconds to start up. This happens when the first redaction is performed.
You can preemptively initialise the redactor and get this startup out of the way by redacting a dummy string and throwing away the result.
// Using the underlying SyncRedactor directly.
import { SyncRedactor } from "redact-pii";
new SyncRedactor().redact("");
// Or using our own default redactor (which wraps SyncRedactor).
import { defaultRedactor } from "@agiledigital/pino-redact-pii";
defaultRedactor().redact("");
Contributor getting started
- Make sure you have NVM installed.
- Create a new repo using this template (big green "use this template" button).
- Clone that repo.
- Then run the following:
# make sure the right version of node is being used
# tip: it might be worth automating this (https://github.com/nvm-sh/nvm#bash)
nvm use
# install dependencies
npm install
# compile
npm run build
# run the compiled code
node dist/index.js
IDE Notes
If you are using VSCode, it should automatically recommend you some important plugins for this package (e.g. eslint) If not, check the .vscode/extensions.json because they will greatly improve your workflow.