@snapshot-labs/snapshot-sentry - npm Package Compare versions

Comparing version 1.1.0 to 1.2.0

dist/index.d.ts

@@ -0,4 +1,8 @@
+/// <reference types="node" />
+import * as Sentry from '@sentry/node';
 import type { Express } from 'express';
+export declare function scrubData(exception: Sentry.Exception, regex: RegExp): void;
+export declare function sensitiveDataToScrub(collection: NodeJS.ProcessEnv): false | RegExp;
 export declare function initLogger(app?: Express): void;
 export declare function fallbackLogger(app?: Express): void;
 export declare function capture(e: any, captureContext?: any): void;

dist/index.js

@@ -26,8 +26,30 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.capture = exports.fallbackLogger = exports.initLogger = void 0;
+exports.capture = exports.fallbackLogger = exports.initLogger = exports.sensitiveDataToScrub = exports.scrubData = void 0;
 const Sentry = __importStar(require("@sentry/node"));
 const DEFAULT_TRACE_SAMPLE_RATE = '0.01';
+const SCRUB_MASK = '[Filtered]';
 function shouldDisable() {
     return !process.env.SENTRY_DSN;
 }
+function scrubData(exception, regex) {
+    if (exception.value) {
+        exception.value = exception.value.replaceAll(/\?(apiKey)=[a-zA-Z0-9]+/gi, `?$1=${SCRUB_MASK}`);
+        exception.value = exception.value.replaceAll(regex, SCRUB_MASK);
+    }
+}
+exports.scrubData = scrubData;
+function sensitiveDataToScrub(collection) {
+    const stringsToScrub = Object.keys(collection)
+        .filter(k => k.match(/_(KEY|API|SECRET|TOKEN)$/i))
+        .map(key => collection[key])
+        .filter(key => key);
+    if (stringsToScrub.length === 0) {
+        return false;
+    }
+    return new RegExp(stringsToScrub
+        .map(s => s.replace(/[()[\]{}*+?^$|#.,\/\\\s-]/g, '\\$&'))
+        .sort((a, b) => b.length - a.length)
+        .join('|'), 'gi');
+}
+exports.sensitiveDataToScrub = sensitiveDataToScrub;
 function initLogger(app) {
@@ -45,6 +67,14 @@ if (shouldDisable()) {
     }
+    const regexToScrub = sensitiveDataToScrub(process.env);
+    console.log(regexToScrub);
     Sentry.init({
         dsn: process.env.SENTRY_DSN,
         integrations,
-        tracesSampleRate: parseFloat(process.env.SENTRY_TRACE_SAMPLE_RATE ?? DEFAULT_TRACE_SAMPLE_RATE)
+        tracesSampleRate: parseFloat(process.env.SENTRY_TRACE_SAMPLE_RATE ?? DEFAULT_TRACE_SAMPLE_RATE),
+        beforeSend(event) {
+            for (const exception of event.exception?.values ?? []) {
+                regexToScrub && scrubData(exception, regexToScrub);
+            }
+            return event;
+        }
     });
@@ -51,0 +81,0 @@ if (app) {

package.json

 {
   "name": "@snapshot-labs/snapshot-sentry",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "license": "MIT",
@@ -8,7 +8,8 @@ "main": "dist/index.js",
   "scripts": {
-    "build": "tsc",
     "lint": "eslint ./src --ext .ts",
     "typecheck": "tsc --noEmit",
+    "build": "tsc",
     "prepare": "yarn build",
-    "prepublishOnly": "yarn run lint"
+    "prepublishOnly": "yarn run lint",
+    "test": "jest test"
   },
@@ -23,3 +24,3 @@ "eslintConfig": {
   "engines": {
-    "node": ">=14 < 17 || 18"
+    "node": ">=16 < 17 || >= 18"
   },
@@ -30,6 +31,9 @@ "devDependencies": {
     "@types/express": "^4.17.17",
+    "@types/jest": "^29.5.4",
     "@types/node": "^20.4.5",
     "eslint": "^8.36.0",
     "eslint-plugin-prettier": "5",
+    "jest": "^29.6.4",
     "prettier": "^3.0.0",
+    "ts-jest": "^29.1.1",
     "ts-node": "^10.9.1",
@@ -36,0 +40,0 @@ "typescript": "^5.1.6"

src/index.ts

@@ -5,2 +5,3 @@ import * as Sentry from '@sentry/node';
 const DEFAULT_TRACE_SAMPLE_RATE = '0.01';
+const SCRUB_MASK = '[Filtered]';
 
@@ -11,2 +12,28 @@ function shouldDisable() {
 
+export function scrubData(exception: Sentry.Exception, regex: RegExp) {
+  if (exception.value) {
+    exception.value = exception.value.replaceAll(/\?(apiKey)=[a-zA-Z0-9]+/gi, `?$1=${SCRUB_MASK}`);
+    exception.value = exception.value.replaceAll(regex, SCRUB_MASK);
+  }
+}
+
+export function sensitiveDataToScrub(collection: NodeJS.ProcessEnv) {
+  const stringsToScrub = Object.keys(collection)
+    .filter(k => k.match(/_(KEY|API|SECRET|TOKEN)$/i))
+    .map(key => collection[key])
+    .filter(key => key) as string[];
+
+  if (stringsToScrub.length === 0) {
+    return false;
+  }
+
+  return new RegExp(
+    stringsToScrub
+      .map(s => s.replace(/[()[\]{}*+?^$|#.,\/\\\s-]/g, '\\$&'))
+      .sort((a, b) => b.length - a.length)
+      .join('|'),
+    'gi'
+  );
+}
+
 export function initLogger(app?: Express) {
@@ -27,6 +54,15 @@ if (shouldDisable()) {
 
+  const regexToScrub = sensitiveDataToScrub(process.env);
+  console.log(regexToScrub);
   Sentry.init({
     dsn: process.env.SENTRY_DSN,
     integrations,
-    tracesSampleRate: parseFloat(process.env.SENTRY_TRACE_SAMPLE_RATE ?? DEFAULT_TRACE_SAMPLE_RATE)
+    tracesSampleRate: parseFloat(process.env.SENTRY_TRACE_SAMPLE_RATE ?? DEFAULT_TRACE_SAMPLE_RATE),
+    beforeSend(event) {
+      for (const exception of event.exception?.values ?? []) {
+        regexToScrub && scrubData(exception, regexToScrub);
+      }
+
+      return event;
+    }
   });
@@ -33,0 +69,0 @@

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

11758

increased by33.86%

Number of package files

7

increased by16.67%

Lines of code

193

increased by50.78%

Worsened metrics

Dev dependency count

12

increased by33.33%

Number of low supply chain risk alerts

5

increased by25%

No dependency changes