
Redacted

Explicit access to sensitive data with protection from leaks

Redacted: Secure Handling of Sensitive Data

Preventing Accidental Data Exposure in JavaScript Applications

Redacted is a lightweight JavaScript/TypeScript library designed to protect sensitive data from accidental exposure through logs, serialization, and other common leak vectors. By wrapping sensitive values in a Redacted class, developers gain explicit control over when and how this data is accessed, significantly reducing the risk of unintended data exposure.

The Challenge

In modern applications, sensitive data like passwords, API keys, and personal information flows through various components and systems. Developers face several challenges in keeping this data secure:

  • Accidental logging of sensitive information
  • Unintended inclusion in serialized objects (JSON.stringify)
  • Difficulty tracking where sensitive data is being used
  • Lack of explicit access patterns for sensitive values
  • Integration with existing validation libraries

These challenges can lead to serious security incidents, compliance violations, and privacy breaches.

Our Solution

Redacted provides a simple yet powerful approach to sensitive data handling:

  • Wrapper Class: Encapsulates sensitive values in a protective container
  • Logging Protection: Prevents sensitive data from appearing in logs
  • Serialization Safety: Controls how data is represented in serialized objects
  • Explicit Access: Requires deliberate code to access the protected values
  • Zod Integration: Works seamlessly with zod schema validation

How It Works

Redacted uses a straightforward pattern to protect sensitive data:

import { redacted } from "@dsegovia90/redacted";

// Create a redacted value
const password = redacted("very-secret-password");

// This will not expose the value
console.log(password); // [Redacted]

// Explicit access when needed
const actualPassword = password.value;

// Works with zod schemas
import { z } from "zod";
const UserSchema = z.object({
  username: z.string(),
  password: redacted(z.string()),
});

Technical Implementation

Redacted is implemented as a lightweight TypeScript library with:

  • Custom toString/toJSON: Prevents accidental exposure in logs and serialization
  • Type Safety: Full TypeScript support for type checking and IDE integration
  • Zero Dependencies: Minimal footprint with no external dependencies
  • Zod Compatibility: Seamless integration with zod schema validation
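
The following sketch shows how the toString/toJSON hooks listed above keep a wrapped value out of common output paths. It is an added example, not the source of @dsegovia90/redacted; the class name SecretBox, the MASK and INSPECT constants, and the demo() helper are hypothetical, and the Node.js inspect hook is an assumption about how console.log output could be masked.

```javascript
// Added illustration of the wrapper pattern; not the library's own code.
const MASK = "[Redacted]";
// Registered symbol that Node.js console.log / util.inspect look up
// (the same symbol as util.inspect.custom).
const INSPECT = Symbol.for("nodejs.util.inspect.custom");

class SecretBox {
  // Private field: invisible to Object.keys, spread and JSON.stringify.
  #value;

  constructor(value) {
    this.#value = value;
  }

  // The only deliberate way to read the secret.
  get value() {
    return this.#value;
  }

  // Covers String(x), template literals and string concatenation.
  toString() {
    return MASK;
  }

  // Covers JSON.stringify, including when nested inside another object.
  toJSON() {
    return MASK;
  }

  // Covers console.log and util.inspect in Node.js.
  [INSPECT]() {
    return MASK;
  }
}

// Constructed sample data: exercise each leak vector and return the results.
function demo() {
  const user = { username: "alice", password: new SecretBox("very-secret-password") };
  return {
    json: JSON.stringify(user),
    template: `pw=${user.password}`,
    concat: "" + user.password,
    ownKeys: Object.keys(user.password).length,
    explicit: user.password.value,
  };
}
```

Once .value has been read, the result is an ordinary string again and can be logged or serialized like any other value; the wrapper protects only the wrapped reference.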

Available Packages

Redacted is available through multiple package managers:

Use Cases

Redacted is ideal for:

  • API Development: Protect API keys and tokens
  • Authentication Systems: Secure password handling
  • Personal Information: Control access to PII (Personally Identifiable Information)
  • Financial Applications: Safeguard sensitive financial data
  • Healthcare Systems: Protect patient information

By making sensitive data access explicit and preventing accidental exposure, Redacted helps developers build more secure applications with minimal overhead.