2.0.0 • Published 4 months ago

@agiledigital/pino-redact-pii v2.0.0

License
MIT

Pino + redact-pii

A collection of redaction solutions focused on Pino and redact-pii.


Usage

npm add @agiledigital/pino-redact-pii

This package contains a set of opinionated redaction paths for use with Pino's built-in redaction capability. You are encouraged to contribute other paths that are known to contain sensitive information in objects from popular libraries or Node/browser built-ins.

To use them:

import { pino } from "pino";
import {
  defaultRedactionPathsWithWildcardPrefix,
} from "@agiledigital/pino-redact-pii";

const customPaths = ["..."];

const logger = pino({
  redact: {
    paths: [...defaultRedactionPathsWithWildcardPrefix, ...customPaths],
  },
});

This package also contains a wrapper around redact-pii that makes it convenient to plug into Pino.

To use it:

import { pino } from "pino";
import { pinoPiiRedactor } from "@agiledigital/pino-redact-pii";

// This uses the default redactor. You can specify your own as an argument to `pinoPiiRedactor`.
const redactor = pinoPiiRedactor();

const logger = pino({
  formatters: {
    log: redactor,
  },
});

You can combine both approaches.

Finally, this package contains a safeStringify function that provides a few benefits over JSON.stringify. You can use it without Pino.

  1. It supports circular structures (whereas JSON.stringify would throw). It replaces them with "[circular]", similar to Node's util.inspect (but with no Node dependency).
  2. It doesn't throw - it returns a success/failure discriminated union.
  3. It returns a failure if the result of stringification is not a string (e.g. if it is undefined).
  4. It will return a failure if you try to stringify an object that contains a BigInt (as per JSON.stringify). The workarounds are the same as for JSON.stringify. See https://github.com/GoogleChromeLabs/jsbi/issues/30

import { defaultRedactor, safeStringify } from "@agiledigital/pino-redact-pii";

const obj = { text: "I might contain PII" };

// No redaction
const result = safeStringify(obj);
if (result.success) {
  const str = result.value;
}

// With redaction
const redactor = defaultRedactor();
const result2 = safeStringify(obj, redactor);
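
The four behaviours listed above can be reproduced on top of plain JSON.stringify. The sketch below is an added example, not this package's source. The name `safeStringifySketch`, the `error` field, the per-string call to `redactor.redact` and the `emailOnly` stand-in redactor are all assumptions made for illustration.

```javascript
// Added sketch, not the package's source. `safeStringifySketch` is a hypothetical
// name; the result shape and the per-string use of `redactor.redact` are assumptions.
function safeStringifySketch(input, redactor) {
  const ancestors = []; // objects on the path from the root to the current holder

  function replacer(key, value) {
    if (typeof value === "string") {
      return redactor ? redactor.redact(value) : value;
    }
    if (typeof value !== "object" || value === null) return value;
    // `this` is the object that holds `key`. Unwind the stack to it so a value
    // referenced twice (but not cyclically) is not reported as circular.
    while (ancestors.length > 0 && ancestors[ancestors.length - 1] !== this) {
      ancestors.pop();
    }
    if (ancestors.includes(value)) return "[circular]";
    ancestors.push(value);
    return value;
  }

  try {
    const json = JSON.stringify(input, replacer);
    // JSON.stringify(undefined) and JSON.stringify(() => {}) return undefined.
    if (typeof json !== "string") {
      return { success: false, error: new Error("stringify did not produce a string") };
    }
    return { success: true, value: json };
  } catch (error) {
    // BigInt values make JSON.stringify throw a TypeError.
    return { success: false, error };
  }
}

// Constructed inputs.
const request = { user: "alice" };
request.self = request; // circular reference
const shared = { id: 1 };
// Constructed stand-in with the same `.redact(string)` method; not redact-pii.
const emailOnly = { redact: (s) => s.replace(/[^\s@]+@[^\s@]+/g, "EMAIL_ADDRESS") };

console.log(safeStringifySketch(request));
console.log(safeStringifySketch({ left: shared, right: shared }));
console.log(safeStringifySketch({ note: "mail bob@example.com" }, emailOnly));
console.log(safeStringifySketch({ n: 1n }).success);
console.log(safeStringifySketch(undefined).success);
```

Tracking only the current ancestor chain, rather than every object seen so far, keeps a value that appears twice without a cycle from being replaced by "[circular]" and silently dropped from the log line.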

The underlying redactor from the redact-pii package can take a few seconds to start up. This happens when the first redaction is performed.

You can preemptively initialise the redactor and get this startup out of the way by redacting a dummy string and throwing away the result.

// Using the underlying SyncRedactor directly.
import { SyncRedactor } from "redact-pii";
new SyncRedactor().redact("");

// Or using our own default redactor (which wraps SyncRedactor).
import { defaultRedactor } from "@agiledigital/pino-redact-pii";
defaultRedactor().redact("");

Contributor getting started

  1. Make sure you have NVM installed.
  2. Create a new repo using this template (big green "use this template" button).
  3. Clone that repo.
  4. Then run the following:

# make sure the right version of node is being used
# tip: it might be worth automating this (https://github.com/nvm-sh/nvm#bash)
nvm use
# install dependencies
npm install
# compile
npm run build
# run the compiled code
node dist/index.js

IDE Notes

If you are using VSCode, it should automatically recommend some important plugins for this package (e.g. eslint). If not, check the .vscode/extensions.json because they will greatly improve your workflow.

2.0.0

4 months ago

1.0.4

4 months ago

1.0.3

5 months ago

1.0.2

5 months ago

1.0.1

5 months ago