Secure logger that automatically masks PII, API keys, JWTs, and credit cards before they hit your console or remote transport. Zero dependencies.
Built by OmniFolio — Financial Intelligence Platform.
- 🔒 Auto-masking — API keys, JWTs, emails, credit cards, passwords redacted automatically
- 🏷️ Structured output — ISO timestamps, log levels, JSON-formatted data
- 🚀 Zero dependencies — pure TypeScript, works in Node.js and Edge runtimes
- 🔌 Pluggable transport — send warnings/errors to Sentry, DataDog, CloudWatch, etc.
- 📊 Log levels — debug, log, info, warn, error with configurable minimum level
- 🔑 API key validation — safely check keys without exposing them
- 🧩 Object key detection — keys named
token,secret,password, etc. are auto-redacted
npm install @omnifolio/safe-loggerimport { logger } from '@omnifolio/safe-logger';
// Sensitive data is automatically masked
logger.info('User login', {
email: 'john@example.com', // → "jo***@example.com"
apiKey: 'AIzaSyD1234567890', // → "AIza...7890"
token: 'sk_live_abc123xyz', // → "[REDACTED]"
});
// Check API key presence safely
logger.apiKeyStatus('STRIPE_KEY', process.env.STRIPE_KEY);
// → "✅ STRIPE_KEY: Found (sk_l...xyz9)"
// Errors always logged + sent to transport
logger.error('Payment failed', new Error('Card declined'));import { createLogger } from '@omnifolio/safe-logger';
const logger = createLogger({
enabled: process.env.NODE_ENV === 'development',
maskSecrets: true,
minLevel: 'info', // Skip debug logs
transport: (level, message, data) => {
// Send to your remote logging service
fetch('/api/logs', {
method: 'POST',
body: JSON.stringify({ level, message, data, timestamp: Date.now() }),
});
},
});| Pattern | Example Input | Masked Output |
|---|---|---|
| Google API keys | AIzaSyD1234567890abcdefghij |
AIza...ghij |
| AWS keys | AKIAIOSFODNN7EXAMPLE |
AKIA...MPLE |
| Stripe keys | sk_live_abc123... |
sk_l...xyz9 |
| JWTs | eyJhbGci... |
[JWT_TOKEN] |
| Emails | john@example.com |
jo***@example.com |
| Credit cards | 4242 4242 4242 4242 |
****-****-****-**** |
| Passwords | password: secret123 |
password: [REDACTED] |
| Object keys | { apiKey: "..." } |
{ apiKey: "[REDACTED]" } |
Pre-configured logger instance. Methods: log(), info(), warn(), error(), debug(), success(), failure(), apiKeyStatus().
Create a custom logger instance with your own configuration.
Standalone masking function — recursively masks sensitive data in strings, arrays, and objects.
Check if an API key is valid without logging its value.
Safely serialize an Error object for logging or transport.
MIT — see LICENSE.
Built with ❤️ by OmniFolio