A tiny utility to sanitize and redact sensitive fields in JavaScript/TypeScript objects — perfect for logging, debugging, and safely exposing data.
- 🔐 Redacts sensitive keys (like `password`, `token`, `apiKey`)
- ⚙️ Customizable redact values and key lists
- 🧼 Strips `<script>` tags from strings
- 🛡️ Detects basic XSS payloads
- 🔁 Handles deep nested objects and arrays
- 🧠 Ignores circular references

```bash
npm install sanitize-proxy
```

```javascript
import { sanitize } from 'sanitize-proxy';

const input = {
  username: 'alice',
  password: 'secret123',
  profile: {
    token: 'abc-123',
    bio: '<script>alert("xss")</script> Welcome!',
  },
};

// Redact sensitive keys, strip <script> tags and flag XSS patterns
const clean = sanitize(input, {
  stripUnsafeHtml: true,
  detectXSS: true,
});

console.log(clean);
```

Output:

```javascript
{
  username: 'alice',
  password: '[REDACTED]',
  profile: {
    token: '[REDACTED]',
    bio: '[XSS DETECTED]',
  }
}
```

| Option | Type | Default | Description |
|---|---|---|---|
| `redact` | `string[]` | See below | List of keys to redact |
| `redactValue` | `string` | `"[REDACTED]"` | Value used to replace redacted fields |
| `stripUnsafeHtml` | `boolean` | `false` | Removes `<script>` tags from string values |
| `detectXSS` | `boolean` | `false` | Replaces known XSS patterns in strings with `[XSS DETECTED]` |

Default redacted keys:

```javascript
['password', 'token', 'apiKey', 'ssn']
```

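
How key-based deep redaction with cycle handling can work, as an added sketch that is not sanitize-proxy's own code. The names `redactDeep`, `DEFAULT_KEYS` and the `'[Circular]'` marker are assumptions of this example, as is the exact, case-sensitive key match; it handles plain objects and arrays only.

```javascript
// Added sketch, not sanitize-proxy's source. redactDeep, DEFAULT_KEYS and
// the '[Circular]' marker are names assumed for this example.
const DEFAULT_KEYS = ['password', 'token', 'apiKey', 'ssn']; // defaults listed above

function redactDeep(value, options = {}, seen = new WeakSet()) {
  const keys = new Set(options.redact || DEFAULT_KEYS);
  const redactValue = options.redactValue ?? '[REDACTED]';

  // Primitives and functions carry no nested keys; return them unchanged.
  if (value === null || typeof value !== 'object') return value;

  // An object already on the current path means a cycle: emit a marker
  // instead of recursing forever.
  if (seen.has(value)) return '[Circular]';
  seen.add(value);

  let copy;
  if (Array.isArray(value)) {
    copy = value.map((item) => redactDeep(item, options, seen));
  } else {
    copy = {};
    for (const [key, child] of Object.entries(value)) {
      // Exact, case-sensitive match (assumption): the whole value is
      // replaced, even when it is itself an object or array.
      copy[key] = keys.has(key) ? redactValue : redactDeep(child, options, seen);
    }
  }
  // Leave the path so a shared, non-circular reference that appears twice
  // is copied both times rather than reported as a cycle.
  seen.delete(value);
  return copy; // the input object is never mutated
}

// Constructed sample input: a shared reference plus a self-reference.
function demo() {
  const session = { token: 'abc-123' };
  const user = { username: 'alice', password: 'secret123', sessions: [session, session] };
  user.self = user;
  return redactDeep(user);
}

console.log(JSON.stringify(demo(), null, 2));
```

With exact matching, a field such as `accessToken` is only covered once it is added to the `redact` list, so the key list should be checked against the field names that actually appear in your logs.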

```bash
npm test
```

MIT

- Fork this repo
- Create your feature branch (`git checkout -b feature/awesome`)
- Commit your changes (`git commit -am 'Add awesome feature'`)
- Push to the branch (`git push origin feature/awesome`)
- Open a pull request