npm
Sign UpSign In

safe-logging-replit
TypeScript icon, indicating that this package has built-in type declarations

1.3.2 • Public • Published

Safe logging for Replit

A wrapper for the Node.js console to safely log strings to the console avoiding DoS vulnerabilities on Replit.

Example

const { makeConsoleSafe, forbiddenBitcoinStr } = require('safe-logging-replit');

// This is UNSAFE
console.log(forbiddenBitcoinStr);

makeConsoleSafe(console);

// This is now safe
console.log(forbiddenBitcoinStr);

A screen recording of with vs. without:

video

Why use this?

This package aims to fix a denial of service vulnerability on Replit. Not going into details here as it's a security vulnerability yet to be reported. But the vulnerability consists of the attacker sending specially crafted payloads to specific parts of your app to log a special string to your console. This string is seen as malicious by Replit, and your Repl gets flagged and taken down.

With this package, you avoid this vulnerability completely. Because of how strings get printed with this package, Replit can't detect them properly and therefore it's safe to print whatever you want.

Readme

Keywords

Package Sidebar

Install

npm i safe-logging-replit

Weekly Downloads

7

Version

1.3.2

License

ISC

Unpacked Size

4.31 kB

Total Files

4

Last publish

Collaborators

  • luisafk
Try on RunKit
Report malware