json-masker
A library for masking field values in JSON. Useful when there is a need to log JSON which potentially contains sensitive data such as PII.
Installation
$ npm install json-masker
Usage
const masker = ;const maskerOptions = /*...*/;const mask = ;const maskedJson = ;
Logging incoming HTTP requests:
// ...app;
Configuration
json-masker can be configured via options object passed into factory function. Possible parameters are:
whitelist
- a field whitelist. The values of whitelisted fields will not be masked. See Whitelist section for whitelist format documentation. Default: emptywhitelists
- a collection of field whitelists. Used ifwhitelist
option is not present, otherwise is ignored. Allows to define multiple logicaly-split whitelists. Is only for user convenience. Internally, the collection of whitelists is merged into one anyway. Default: emptyenabled
- a boolean flag that toggles masking functionality. If set tofalse
, none of the fields will be masked. Might be useful for debug purposes. Default:true
Whitelist
A whitelist can be defined as:
- An array of values:
['field1', 'field2']
- A string of comma separated values:
'field1, field2'
. Whitespaces between values are optional and ignored.
A field in a whitelist can be difined by:
- name (case-insensitive), e.g.
myField
- json-path, e.g.
$.myFieldParent.myField
. For more details see json-path documentation
Examples
const mask = ;
const mask = ;
const mask = ;
Masking strategy
Example of input:
Output:
Rules
- strings
- whitespaces remain unchanged
- punctuation marks (non-alphanumeric characters of latin-1) remain unchanged
- latin-1 characters 1-9 become
*
- latin-1 characters A-Z become
X
- all other UTF-8 characters become
x
- numbers are converted to strings where each 1-9 character is replaced with
*
(e.g.125
becomes"***"
or3.95
becomes"*.**"
) - booleans: remain unchanged
- nulls: remain unchanged