Product
Reachability for Ruby Now in Beta
Reachability analysis for Ruby is now in beta, helping teams identify which vulnerabilities are truly exploitable in their applications.
By Oskar Haarklou Veileborg -  Nov 17, 2025
🚀 DAY 1 OF LAUNCH WEEK: Reachability for Ruby Now in Beta.Learn more →
tin-validator
Advanced tools
tin-validator
Validate and mask Taxpayer Identification Number (TIN) from US and EU countries. A TIN may be an Employer Identification Number (EIN), an Individual Taxpayer Identification Number (ITIN) or a Social Security number (SSN).
Most of the functions default to US country as you can see in the documentation below. Also for US country, entityType is not required. When trying to validate EU TIN we need to set both paramenters country and entityType as TIN format varies from ech country and entity types.
For EU TIN validation, we first try to validate by using an online API provided by the European Commisision, if any error is received from this API (for example, if the API is down), then we run our internal validations instead.
Status
Installation
Install the package via npm:
npm install tin-validator --save
Usage
isValid(value)
This method validates if the given value is a valid Taxpayer Identification Number.
Arguments
value(*): The string value to validate.options(object, optional):country(string, optional): Country of document to validate (by default,US).entityType(string, optional): Possible values:natural-personandlegal-entity. By default:natural-person.
Returns
(boolean): Returns whether the input value is a valid TIN or not.
Example
isValid({});
// => false
isValid('9-0-0700000');
// => false
isValid('900-70-0000');
// => true
isValid('900700000');
// => true
isValid('123456789', { country: 'PT', entityType: 'natural-person' });
// => true
mask(value)
This method will help you protect this sensitive piece of information by obfuscating some digits.
Arguments
value(*): The value to mask.options(object, optional):country(string, optional): Country of document to mask (by default,US).entityType(string, optional): Regulation entity type (by default,natural-person).
Returns
(string): Returns the masked value by replacing value certain digits by 'X'.
Example
mask({});
// Throws an Error.
mask('9-0-0700000');
// Throws an Error.
mask('900-70-0000');
// => XXX-XX-0000
mask('900700000');
// => XXXXX0000
sanitize(value)
This method will remove all non numeric characters from the value.
Arguments
value(*): The value to sanitize.options(object, optional):country(string, optional): Country of document to sanitize (by default,US).entityType(string, optional): Regulation entity type (by default,natural-person).
Returns
(string): Returns the sanitized value containing only numeric characters.
Example
sanitize('9-0 0700000');
// => 900700000
sanitize('900a7#$0foobar0000');
// => 900700000
Tests
To test using a local installation of node.js:
npm test
Release process
The release of a version is automated via the release GitHub workflow. Run it by clicking the "Run workflow" button.
Upgrading from version 1 to version 2
The methods on version 1 are the same as on version 2. The only change is that the methods were sync, while now they are async.
License
MIT
FAQs
Taxpayer Identification Number validator and masker
We found that tin-validator demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 11 Nov 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects
Malicious npm packages use Adspect cloaking and fake CAPTCHAs to fingerprint visitors and redirect victims to crypto-themed scam sites.
By Olivia Brown -  Nov 17, 2025
Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt -  Nov 14, 2025