n-mask-logger
Wrapper for n-logger that masks sensitive fields
Installation
npm install @financial-times/n-mask-logger
Usage
Import n-mask-logger
, initialize it with an array of sensitive field names and use the new instance as you would n-logger:
import MaskLogger from '@financial-times/n-mask-logger';
const logger = new MaskLogger(ARRAY_OF_FIELD_NAMES_TO_MASK);
logger.info(...);
>
Logging levels info
, warning
, error
are supported.
Logging Simple Objects
const logger = new MaskLogger(['email', 'password']);
const user = {
name: 'L. Ogger',
age: 32,
email: 'logger@ft.com',
password: 'passw0rd',
role: 'Developer'
}
logger.info(user);
Output:
> {name:"L. Ogger",age:32,email:"*****",password:"*****",role:"Developer"}
Logging Nested Objects
const logger = new MaskLogger(['email', 'password']);
const deepObject = {
foo: 'bar',
inner: {
some: 'field',
deep: {
password: 'passw0rd'
},
email: 'logger@ft.com'
}
}
Output:
> {foo:"bar",inner:{some:"field",deep:{password:"*****"},email:"*****"}}
Logging Strings
Besides masking object fields n-mask-logger
will attempt to mask strings that look like they may contain sensitive information.
Ordinary Strings
const logger = new MaskLogger(['email', 'password']);
const innocuous = 'I am a safe string';
logger.info(innocuous);
Output:
> I am a safe string
Suspicious Strings
If the string being logged contains any of the sensitive field names (i.e. password), the entire string is masked as a precaution.
const logger = new MaskLogger(['email', 'password']);
const someVar = user.password;
const suspicious = `The user password is ${someVar}`;
logger.info(suspicious);
Output:
> *****
Exceptions
Some level of vigilance is still required when using n-mask-logger
, as the following would inevitably output a sensitive field in clear text:
const logger = new MaskLogger(['email', 'password']);
const someVar = user.password;
const uncaught = `${someVar}`
logger.info(uncaught);
Output:
> passw0rd