From 138cf952fabece27bd8e73b772184ba1f50240a9 Mon Sep 17 00:00:00 2001 From: stefan Date: Thu, 15 Apr 2021 15:42:02 +0200 Subject: [PATCH 1/2] allow setting a function to replacement param --- README.md | 22 +++++++++++++++++++--- src/index.js | 2 +- test/src/index.test.js | 22 +++++++++++++++++++++- 3 files changed, 41 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 3d2f205..957bd55 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ $ npm install mask-json Option | Default value | Description ------------- | -------------- | ----------------------------------------------------- _ignoreCase_ | false | Whether to ignore case sensitivity when matching keys -_replacement_ | _--REDACTED--_ | The default value to replace +_replacement_ | _--REDACTED--_ | The default value to replace, this can be either an explicit value or a function using current value as only parameter ### Returns @@ -41,15 +41,31 @@ maskJson({ foo: 'bar', biz: { username: 'myusername', password: 'mypassword' } } // => { foo: 'bar', biz: { username: '--REDACTED--', password: '--REDACTED--' } } ``` -## Tests +Works the same when "replacement" is not a static string, but a function to convert +the original value somehow, e.g. mask some parts of a credit card number or phone number +like the original "1234-5678-9012" shall become "1234-****-9012". + +The replacement function is called with one parameter - the original value to replace. ```javascript +// with replacement function +var replaceFunc = function(value) { return value.toUpperCase() }; +var maskJson2 = require('mask-json')(blacklist, {replacement: replaceFunc}); + +maskJson2({ foo: 'bar', biz: { username: 'myusername', password: 'mypassword' } }); + +// => { foo: 'bar', biz: { username: 'MYUSERNAME', password: 'MYPASSWORD' } } +``` + +## Tests + +```shell script $ npm test ``` ## Release -```sh +```shell script npm version [ | major | minor | patch] -m "Release %s" ``` diff --git a/src/index.js b/src/index.js index 562345f..f35ae5f 100644 --- a/src/index.js +++ b/src/index.js @@ -17,7 +17,7 @@ module.exports = function maskJson(collection, { return cloneDeepWith(values, (value, key) => { // Strip matching keys. if (some(collection, item => ignoreCase ? toLower(key) === toLower(item) : key === item)) { - return replacement; + return (typeof replacement === 'function') ? replacement(value) : replacement; } // Allow cloneDeep to recurse into nested objects. diff --git a/test/src/index.test.js b/test/src/index.test.js index 2191da0..9ad268d 100644 --- a/test/src/index.test.js +++ b/test/src/index.test.js @@ -30,7 +30,7 @@ describe('maskJson()', () => { }); }); - it('should accept a custom `replacement`', () => { + it('should accept a custom `replacement` value', () => { const object = { foo: { password: 'foobar', @@ -46,6 +46,26 @@ describe('maskJson()', () => { }); }); + it('should accept a custom `replacement` function', () => { + const object = { + foo: { + password: 'foobar', + secret: 'bizbaz' + } + }; + + function replacementFunc(value) { + return value.toUpperCase(); + } + + expect(maskJson(['password', 'secret'], { replacement: replacementFunc })(object)).toEqual({ + foo: { + password: 'FOOBAR', + secret: 'BIZBAZ' + } + }); + }); + it('should mask non-plain objects', () => { const object = { bar: { From bd89c25c2debf6edcf3f0d9f5fa3d09f3f6ad7c5 Mon Sep 17 00:00:00 2001 From: stefan Date: Thu, 15 Apr 2021 15:43:57 +0200 Subject: [PATCH 2/2] update minimum lodash version required to mitigate many security vulnerabilities with older version --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index d79db9b..d41c341 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5237,9 +5237,9 @@ } }, "lodash": { - "version": "4.17.15", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz", - "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==" + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, "lodash.sortby": { "version": "4.7.0", diff --git a/package.json b/package.json index 622a69a..6b12f05 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "version": "npm run changelog && git add -A CHANGELOG.md" }, "dependencies": { - "lodash": "^4.17.4" + "lodash": "^4.17.21" }, "devDependencies": { "@uphold/github-changelog-generator": "^0.8.1",