The latest articles on DEV Community by Yashwanth sai Arukuti (@arukutiyash). https://dev.to/arukutiyash https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3886693%2F72ed1a0d-7634-4293-9fb0-dba4eb42e7de.jpeg https://dev.to/arukutiyash en Yashwanth sai Arukuti Sun, 19 Apr 2026 00:44:56 +0000 https://dev.to/arukutiyash/stop-accidentally-logging-passwords-and-tokens-fix-it-in-one-line-3bp8 https://dev.to/arukutiyash/stop-accidentally-logging-passwords-and-tokens-fix-it-in-one-line-3bp8 <p>We've all done this.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">User login:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">);</span> <span class="c1">// Oops. Password just went to Datadog.</span> <span class="nx">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">({</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">token</span><span class="p">,</span> <span class="nx">session</span> <span class="p">});</span> <span class="c1">// Oops. Token just went to Sentry.</span> </code></pre> </div> <p>I kept doing this in my projects. So I built a tiny npm package <br> to fix it — <strong>fieldmasker</strong>.</p> <h2> What it does </h2> <p>It masks sensitive fields from any JavaScript object before it <br> touches your logger, analytics, or API response.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">fieldmasker</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">fieldmasker</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">John</span><span class="dl">"</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="dl">"</span><span class="s2">john@example.com</span><span class="dl">"</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">"</span><span class="s2">supersecret</span><span class="dl">"</span><span class="p">,</span> <span class="na">token</span><span class="p">:</span> <span class="dl">"</span><span class="s2">sk-abc123xyz</span><span class="dl">"</span><span class="p">,</span> <span class="na">card</span><span class="p">:</span> <span class="dl">"</span><span class="s2">4111111111111234</span><span class="dl">"</span> <span class="p">};</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nf">fieldmasker</span><span class="p">(</span><span class="nx">user</span><span class="p">).</span><span class="nf">auto</span><span class="p">().</span><span class="nf">value</span><span class="p">());</span> <span class="c1">// {</span> <span class="c1">// name: "John",</span> <span class="c1">// email: "john@example.com",</span> <span class="c1">// password: "****",</span> <span class="c1">// token: "****",</span> <span class="c1">// card: "****"</span> <span class="c1">// }</span> </code></pre> </div> <p>One line. Done.</p> <h2> Install </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>fieldmasker </code></pre> </div> <h2> Real world usage </h2> <h3> Safe Express logging middleware </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">((</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">({</span> <span class="na">method</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">method</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="nx">req</span><span class="p">.</span><span class="nx">path</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">fieldmasker</span><span class="p">.</span><span class="nf">auto</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">)</span> <span class="c1">// never log raw body again</span> <span class="p">});</span> <span class="nf">next</span><span class="p">();</span> <span class="p">});</span> </code></pre> </div> <h3> Safe Sentry reporting </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">Sentry</span><span class="p">.</span><span class="nf">configureScope</span><span class="p">(</span><span class="nx">scope</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">scope</span><span class="p">.</span><span class="nf">setUser</span><span class="p">(</span><span class="nx">fieldmasker</span><span class="p">.</span><span class="nf">auto</span><span class="p">(</span><span class="nx">user</span><span class="p">));</span> <span class="p">});</span> </code></pre> </div> <h2> Features </h2> <ul> <li>Auto-detects 50+ sensitive field names (password, token, apiKey, ssn, card, cvv and more)</li> <li>Works on deeply nested objects and arrays</li> <li>Chainable API</li> <li>Show last N characters: <code>showLast(4)</code> → <code>****1234</code> </li> <li>Custom mask string: <code>.mask('[REDACTED]')</code> </li> <li>Zero dependencies</li> <li>TypeScript support</li> </ul> <h2> The chainable API </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">fieldmasker</span><span class="p">(</span><span class="nx">obj</span><span class="p">)</span> <span class="p">.</span><span class="nf">auto</span><span class="p">()</span> <span class="c1">// auto-detect sensitive keys</span> <span class="p">.</span><span class="nf">add</span><span class="p">([</span><span class="dl">'</span><span class="s1">employeeId</span><span class="dl">'</span><span class="p">])</span> <span class="c1">// add your own keys</span> <span class="p">.</span><span class="nf">skip</span><span class="p">([</span><span class="dl">'</span><span class="s1">token_count</span><span class="dl">'</span><span class="p">])</span> <span class="c1">// skip false positives</span> <span class="p">.</span><span class="nf">showLast</span><span class="p">(</span><span class="mi">4</span><span class="p">)</span> <span class="c1">// show last 4 chars</span> <span class="p">.</span><span class="nf">mask</span><span class="p">(</span><span class="dl">'</span><span class="s1">[REDACTED]</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// custom mask string</span> <span class="p">.</span><span class="nf">value</span><span class="p">()</span> <span class="c1">// get the result</span> </code></pre> </div> <h2> Why I built it </h2> <p>I'm a fresher just getting into open source. I kept writing <br> the same utility function in every project to scrub sensitive <br> data before logging. I figured other developers must be doing <br> the same thing — so I packaged it up properly with TypeScript <br> types, 22 tests, and published it.</p> <p>It already has 200+ downloads in its first week which tells <br> me I'm not alone!</p> <p>Would love your feedback — what fields should I add to the <br> auto-detect list? Any features you'd want?</p> <p>GitHub: <a href="https://github.com/arukutiyash/fieldmask" rel="noopener noreferrer">https://github.com/arukutiyash/fieldmask</a><br> npm: <a href="https://www.npmjs.com/package/fieldmasker" rel="noopener noreferrer">https://www.npmjs.com/package/fieldmasker</a><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyy12h3usjuzrotmw3w2f.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyy12h3usjuzrotmw3w2f.jpg" alt=" " width="627" height="1115"></a></p> webdev node javascript security