Eleven-Trading / TradeNote

TradeNote is an open source trading journal that helps traders store, discover and recollect all their trades so they can become and remain consistent and profitable traders

Home Page: https://tradenote.co

The MongoDB connection string is written to the container logs

oskapt opened this issue · comments

When the container starts, it prints the MongoDB connection string in the container log, which is unnecessary and insecure. Although this application is likely to be self-hosted, anyone with access to the container logs could then query the db directly for information about trades. Probably not that big of a deal if someone's running it locally or in their house, but it's still an unnecessary risk.

I'm running this in Kubernetes with the URI as a secured K8s secret. Having the string printed to the log undermines all of the security.

At the very least, please *** out the password portion of the URI, like in the example below:

➤ k logs tradenote-65f5dfdcc5-2wfxv

> tradenote@11.20.9 start
> node index.js

databaseURI mongodb://tradenote:********@mongo.home.monach.us:27017/tradenote

This is a good point. Will look into it

Ok, done in v12.0.7