Mahmoudgalalz / secure-log

A better and secure console logging experience.

Home Page: https://discord.gg/DzAeRYtXDB

Secure log

A better and more secure console logging experience. Detects and prevents leaking secrets and API tokens into your logs.

Install

To use SecureLog, install the package:

yarn add @onboardbase/secure-log # npm i @onboardbase/secure-log

Usage

Import the SecureLog library at the top level of your project.

import SecureLog from '@onboardbase/secure-log';
new SecureLog(); // For JS projects, use new SecureLog.default() 

console.log('random value'); // Onboardbase Signatures here: random value.

You can then use console.log as usual. The output includes the SecureLog prefix followed by your value.

The SecureLog constructor also accepts an options object.

export default interface IOptions {
  disableOn?: 'development' | 'production'; // You can use this to specify if you want the SecureLog library to be disabled in a specific environment
  disableConsoleOn?: 'development' | 'production'; // You can use this to disable console entirely in a specific environment
}

Example:

new SecureLog({ disableConsoleOn: 'development' }); // This will disable the console entirely in the development environment.
console.log('sensitive secret here'); // This won't be executed.

The disableConsoleOn option passed to the SecureLog library will ensure that the console.log statement is not executed.

The disableOn and disableConsoleOn options depend on process.env.NODE_ENV. The library compares the environment passed in either option with the value of process.env.NODE_ENV to decide when to disable the SecureLog library or the console statements themselves.

The SecureLog library scans the arguments passed to console.log to check whether any of the ...args is a potential secret. It does this by comparing each argument with the values in your current environment, process.env. It throws an error if any potential secret is found.

Example:

console.log('secret', process.env.AWS_ACCESS_KEY_ID); // Onboardbase Signatures here: ************ is a valid secret for the key: AWS_ACCESS_KEY_ID

This throws a warning if an actual AWS_ACCESS_KEY_ID is found in process.env, notifying the user that they are logging a potential secret.
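A sketch of the environment-comparison check described above, written for this page and not taken from the library's source. It goes a little further than the description by scanning nested objects and by skipping short or known non-secret values; the function names, the length threshold, the ignore list and the sample environment are all assumptions.

```typescript
// Added illustration; not the source of @onboardbase/secure-log. All names are hypothetical.
type Env = Record<string, string | undefined>;

const MASK = '************';
const MIN_LENGTH = 8;               // assumption: skip short values such as "1" or "3000"
const IGNORED_KEYS = ['NODE_ENV'];  // assumption: keys whose values are not secrets

// Render arguments roughly as console.log would, including nested objects and Errors.
function render(args: unknown[]): string {
  return args.map((arg) => {
    if (typeof arg === 'string') return arg;
    if (arg instanceof Error) return arg.message;
    try {
      return JSON.stringify(arg) ?? String(arg);
    } catch {
      return String(arg); // circular references, BigInt
    }
  }).join(' ');
}

// Names of env keys whose values occur anywhere in the rendered arguments.
function findLeakedKeys(args: unknown[], env: Env, ignored: string[] = IGNORED_KEYS): string[] {
  const text = render(args);
  return Object.keys(env).filter((key) => {
    const value = env[key];
    return value !== undefined && value.length >= MIN_LENGTH &&
      ignored.indexOf(key) === -1 && text.indexOf(value) !== -1;
  });
}

// Mask every leaked value and append the key names, so the log stays useful.
function redact(args: unknown[], env: Env): string {
  const leaked = findLeakedKeys(args, env);
  let text = render(args);
  for (const key of leaked) text = text.split(env[key] as string).join(MASK);
  return leaked.length ? `${text} [masked: ${leaked.join(', ')}]` : text;
}

// Constructed sample environment; the key value is a placeholder, not a real credential.
const sampleEnv: Env = {
  NODE_ENV: 'development',
  PORT: '3000',
  AWS_ACCESS_KEY_ID: 'EXAMPLE-KEY-NOT-REAL-0001',
};

console.log(redact(['secret', sampleEnv.AWS_ACCESS_KEY_ID], sampleEnv));
console.log(redact([{ headers: { auth: 'EXAMPLE-KEY-NOT-REAL-0001' } }], sampleEnv));
```

Without the ignore list, an ordinary message containing the word "development" would be reported as a leak of NODE_ENV, which is why exact comparison against every process.env value needs a length floor or an allowlist.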

Supported console methods

The SecureLog library currently only supports these console methods:

  • console.log, console.clear, console.warn, console.profileEnd, console.debug, console.info, console.error

Contributing

Contributions of any kind are welcome! See the contributing guide.

Roadmap

Features

  • Support for console.table.
  • AI to scan values passed to console.log and report potential sensitive logs.

License

See LICENSE © Onboardbase

License: MIT License

Language: TypeScript 100.0%