feat: secret scanning method

.github/workflows/size.yml

@@ -1,12 +1,12 @@
-name: size
-on: [pull_request]
-jobs:
-  size:
-    runs-on: ubuntu-latest
-    env:
-      CI_JOB_NUMBER: 1
-    steps:
-      - uses: actions/checkout@v1
-      - uses: andresz1/size-limit-action@v1
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+# name: size
+# on: [pull_request]
+# jobs:
+#   size:
+#     runs-on: ubuntu-latest
+#     env:
+#       CI_JOB_NUMBER: 1
+#     steps:
+#       - uses: actions/checkout@v1
+#       - uses: andresz1/size-limit-action@v1
+#         with:
+#           github_token: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -1,50 +1,55 @@
-
 <div align=“center”>
 
 # Securelog Logs [![Release](https://github.com/onboardbase/secure-log/actions/workflows/main.yml/badge.svg)](https://github.com/onboardbase/secure-log/actions/workflows/main.yml)[![Lint](https://github.com/onboardbase/secure-log/actions/workflows/main.yml/badge.svg)](https://github.com/onboardbase/secure-log/actions/workflows/main.yml)
 
 A better and more secure console logging experience. Detects and prevents leaking secrets and API tokens into your logs.
 
 Need Secret scanning in other places?
+
 - [Securelog for your build and runtime logs](https://github.com/Onboardbase/securelog-scan)
 - [Securelog for your react server components](https://github.com/Onboardbase/securelog-rsc)
 
 </div>
 
 # Contents
 
-  - [Install](#install)
-  - [Usage](#usage)
-    - [Supported console methods](#supported-console-methods)
+- [Install](#install)
+- [Usage](#usage)
+  - [Supported console methods](#supported-console-methods)
 
 ## Install
 
 To use `SecureLog`,
 
 ---
+
 ```bash
 yarn add securelogs # npm i securelogs
 ```
+
 ---
 
 ## Usage
 
 Import the SecureLog library at the top level of your project. If you use any env/secret library (e.g. dotenv) in your project, you should import those before importing SecureLog.
 
 ---
+
 ```js
 import SecureLog from 'securelogs';
 new SecureLog(); // For JS projects, use new SecureLog.default()
 
 console.log('random value'); // Onboardbase Signatures here: random value.
 ```
+
 ---
 
 Then you can use your `console.log` as usual. This should include the `SecureLog` prefix and log your value.
 
 The SecureLog Library also accepts an object.
 
 ---
+
 ```js
 export default interface IOptions {
   disableOn?: 'development' | 'production'; // You can use this to specify if you want the SecureLog library to be disabled in a specific environment
@@ -56,15 +61,18 @@ export default interface IOptions {
   globalConsoleObject:? Console // SecureLog advertently uses the standard console.log to output to the console, this option enables configuring the standard console object that is used within the library to output to the console.
 }
 ```
+
 ---
 
 Example:
 
 ---
+
 ```js
 new SecureLog({ disableConsoleOn: 'development', warnOnly: true }); // This will disable the SecureLog library on development environment.
 console.log('sensitive secret here'); // This won't be executed.
 ```
+
 ---
 
 If a secret is detected in a log message, SecureLog can either issue a warning or **exit** the process, depending on the `warnOnly` option. The default value for `warnOnly` is `false`, hence SecureLog will exit the process when it detects a secret leak.
@@ -78,44 +86,50 @@ The SecureLog library scans the `arguments` passed to the `console.log` function
 Example:
 
 ---
+
 ```js
 console.log('secret', process.env.AWS_ACCESS_KEY_ID); // Onboardbase Signatures here: ************ is a valid secret for the key: AWS_ACCESS_KEY_ID
 ```
+
 ---
 
 This will throw a warning if an actual `AWS_ACCESS_KEY_ID` is found in the `process.env` to notify the user that they are logging a potential secret.
 
 Example: `React App`
 
 ---
+
 ```html
 <head>
   <script defer src="https://cdn.jsdelivr.net/npm/securelogs/dist/index.min.js">
     new SecureLog.default()
   </script>
 </head>
 ```
+
 ---
 
 Example: `NodeJs`
 
 ---
+
 ```js
-const express = require('express')
-const app = express()
-const SecureLog = require('securelogs')
+const express = require('express');
+const app = express();
+const SecureLog = require('securelogs');
 
-const port = 3000
-new SecureLog()
+const port = 3000;
+new SecureLog();
 
 app.get('/', (req, res) => {
-  res.send('Hello World!')
-})
+  res.send('Hello World!');
+});
 
 app.listen(port, () => {
-  console.log(`Example app listening on port ${port}`)
-})
+  console.log(`Example app listening on port ${port}`);
+});
 ```
+
 ---
 
 ### Supported console methods
@@ -127,27 +141,28 @@ The SecureLog library currently only supports these console methods:
 ### API
 
 #### createSecureConsolaReporter
-To securely log with [consola](https://github.com/unjs/consola), use the `createSecureConsolaReporter` method to create a reporter. 
+
+To securely log with [consola](https://github.com/unjs/consola), use the `createSecureConsolaReporter` method to create a reporter.
 
 It exposes a secure log instance with the following config: `{ warnOnly: true, forceNewInstance: true, maskLeakedSecrets: true, }`
 
 ```ts
-import { createSecureConsolaReporter } from "securelogs"
-const options: IOptions = {} // override the default config used to initialize secure log instance
-const consola = createSecureConsolaReporter(options)
-process.env.NODE_ENV = "development"
-consola.log("hello there from development") // {"date":"2024-04-12T17:46:07.099Z","args":["hello there from ***********"],"type":"log","level":2,"tag":""}
+import { createSecureConsolaReporter } from 'securelogs';
+const options: IOptions = {}; // override the default config used to initialize secure log instance
+const consola = createSecureConsolaReporter(options);
+process.env.NODE_ENV = 'development';
+consola.log('hello there from development'); // {"date":"2024-04-12T17:46:07.099Z","args":["hello there from ***********"],"type":"log","level":2,"tag":""}
 ```
 
 ### maskLeakedSecrets(data: any) : any
 
 Mask leaked secrets in a string|array|object.
 
 ```ts
-import { maskSecretLeaks } from "securelogs"
+import { maskSecretLeaks } from 'securelogs';
 
 // mask secrets existing in a predefined array of values
-const valuesIn = ['asd']
+const valuesIn = ['asd'];
 // *** 9200 *** development
 console.log(maskSecretLeaks('asd 9200 asd development', valuesIn));
 
@@ -166,13 +181,27 @@ console.log(maskSecretLeaks({ nested: { env: 'development' } }));
 ```
 
 ### validateSecretLeak(data: any): boolean
+
 Validate if a string|object|array contains secrets
+
 ```ts
-import { validateSecretLeak } from "securelogs"
+import { validateSecretLeak } from 'securelogs';
 
 const secrets = { PORT: '9200', NODE_ENV: 'development' };
 
 process.env = secrets;
 
-console.log(validateSecretLeak("development")) // true
+console.log(validateSecretLeak('development')); // true
+```
+
+### scanSecretsInString(rawValue: string) : string
+
+This takes in a string and checks if the strings contains a secret, if it does, it automatically masks all the secrets in the data provided and returns the data back with secrets masked
+
+```ts
+import { scanSecretsInString } from 'securelogs';
+
+const safeString = await scanSecretsInString(
+  'This is a very long string with AKIAKSDKDBDSDSDBD AWS secrets attached'
+); // This is a very long string with AKIA******** AWS secrets attached
 ```

package.json

@@ -1,5 +1,5 @@
 {
-  "version": "3.1.0",
+  "version": "3.1.2",
   "license": "MIT",
   "main": "dist/index.js",
   "typings": "dist/index.d.ts",
@@ -83,6 +83,6 @@
     "consola": "^3.2.3",
     "mask-sensitive-data": "^0.11.5",
     "node": "^18.20.2",
-    "npm": "^10.5.2"
+    "securelog-scan": "^3.0.7"
   }
 }

src/index.ts

@@ -4,3 +4,4 @@ export default SecureLog;
 export * from './createConsolaExporter';
 export * from './validateSecretLeak';
 export * from './maskLeakedSecret';
+export * from './scanString';

src/scanString.ts

@@ -0,0 +1,5 @@
+import { processPossibleSecretsInString } from 'securelog-scan/dist/fileScanner';
+
+export const scanSecretsInString = async (rawValue: string) => {
+  return await processPossibleSecretsInString({ rawValue });
+};

tsconfig.json

@@ -30,6 +30,6 @@
     // error out if import and file system have a casing mismatch. Recommended by TS
     "forceConsistentCasingInFileNames": true,
     // `tsdx build` ignores this option, but it is commonly used when type-checking separately with `tsc`
-    "noEmit": true,
+    "noEmit": true
   }
 }