npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@chaisser/mask-sensitive

v1.0.1

Published

Mask sensitive data: emails, phones, credit cards, and more

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

chaisserchaisser

Keywords

maskredactsensitiveemailphonecredit-cardssnpiiprivacytypescript

Readme

@chaisser/mask-sensitive

Mask sensitive data: emails, phones, credit cards, and more

Mask, redact, and detect PII in strings, objects, JSON, and free-form text. Zero dependencies, full TypeScript support.

Installation

npm install @chaisser/mask-sensitive
# or
yarn add @chaisser/mask-sensitive
# or
pnpm add @chaisser/mask-sensitive

Quick Start

import {
  maskEmail, maskPhone, maskCreditCard, maskSSN,
  maskText, maskObjectAuto, autoMask
} from '@chaisser/mask-sensitive';

maskEmail('[email protected]');        // 'u**[email protected]'
maskPhone('(555) 123-4567');          // '(***) ***-4567'
maskCreditCard('4111 1111 1111 1111'); // '**** **** **** 1111'
maskSSN('123-45-6789');               // '***-**-6789'

// Auto-detect and mask
autoMask('[email protected]');         // 'u**[email protected]'
autoMask('4111111111111111');          // '************1111'

// Mask all PII in free-form text
maskText('Email [email protected] or call (555) 123-4567');
// 'Email u**[email protected] or call (***) ***-4567'

// Mask object keys
maskObjectAuto({
  username: 'alice',
  password: 'secret',
  apiKey: 'sk-abc123',
  email: '[email protected]'
});
// { username: 'alice', password: '******', apiKey: '*******', email: 'a***[email protected]' }

API Reference

Core Masking

| Function | Description | |----------|-------------| | mask(value, options?) | Mask with visibleStart / visibleEnd chars visible | | maskFixed(value, start, end, char?) | Show first/last N characters | | maskFull(value, char?) | Replace entire string | | maskRange(value, start, end, char?) | Mask characters at index range | | maskPositions(value, positions, char?) | Mask characters at specific indices | | maskRegex(value, pattern, char?) | Mask regex matches | | maskExcept(value, keepPositions, char?) | Mask everything except specified indices |

Email

| Function | Example | |----------|---------| | maskEmail(email) | 'u**[email protected]' | | maskEmailFull(email) | '****@***.com' | | isEmail(value) | Boolean check |

Phone

| Function | Example | |----------|---------| | maskPhone(phone) | '(***) ***-4567' | | maskPhoneFull(phone) | '(***) ***-****' | | isPhone(value) | Boolean check |

Credit Card

| Function | Description | |----------|-------------| | maskCreditCard(number) | Keep last 4, preserve formatting | | maskCreditCardFull(number) | Mask all digits | | isCreditCard(value) | Luhn algorithm validation | | getCardType(number) | Returns 'visa', 'mastercard', 'amex', etc. |

SSN

| Function | Example | |----------|---------| | maskSSN(ssn) | '***-**-6789' | | maskSSNFull(ssn) | '***-**-****' | | isSSN(value) | Boolean check |

IP Address

| Function | Example | |----------|---------| | maskIP(ip) | '192.*.*.100' | | maskIPFull(ip) | '***.***.*.***' | | isIP(value) | IPv4 validation |

IBAN

| Function | Example | |----------|---------| | maskIBAN(iban) | 'DE89************3000' | | isIBAN(value) | Format validation |

URL

| Function | Description | |----------|-------------| | maskUrl(url) | Mask path segments and passwords |

Name

| Function | Example | |----------|---------| | maskName(name) | 'John Doe''J*** D**' | | maskFirstName(name) | 'Alice''A****' | | maskLastName(name) | 'Smith''****h' | | maskFullName(name) | First initial + last letter |

Address

| Function | Description | |----------|-------------| | maskAddress(address) | Replace all digits | | maskZip(zip) | Keep first 2 chars | | maskDate(date) | Replace all digits |

Password

| Function | Description | |----------|-------------| | maskPassword(password) | Always returns '********' (hides length) | | isStrongPassword(password) | Length 8+, upper, lower, digit, special | | getPasswordStrength(password) | Returns { score, label } (weak/fair/good/strong) |

Auto-Detect

| Function | Description | |----------|-------------| | detectSensitiveType(value) | Returns detected type or null | | autoMask(value) | Auto-detect and mask |

Object Masking

| Function | Description | |----------|-------------| | maskObject(obj, keys, options?) | Mask specified keys | | maskObjectAuto(obj, keys?) | Auto-mask known sensitive keys + auto-detect values | | redactKeys(obj, keys, replacement?) | Replace values with [REDACTED] |

JSON Masking

| Function | Description | |----------|-------------| | maskJson(json, keys, options?) | Parse, mask keys, stringify | | maskJsonAuto(json, keys?) | Parse, auto-mask, stringify |

Text Masking

| Function | Description | |----------|-------------| | maskText(text) | Find and mask emails, phones, credit cards, SSNs, IPs in free-form text |

Examples

Log Redaction

import { maskObjectAuto } from '@chaisser/mask-sensitive';

function safeLog(data: Record<string, unknown>) {
  console.log(maskObjectAuto(data));
}

safeLog({
  userId: 123,
  email: '[email protected]',
  password: 'super-secret',
  creditCard: '4111111111111111'
});
// { userId: 123, email: 'a***[email protected]', password: '************', creditCard: '************1111' }

Mask API Response

import { maskJsonAuto } from '@chaisser/mask-sensitive';

const response = JSON.stringify({
  user: { name: 'Alice', apiKey: 'sk-live-abc123', token: 'eyJhbGciOi...' }
});

console.log(maskJsonAuto(response));
// apiKey and token fully masked

Redact Headers

import { redactKeys } from '@chaisser/mask-sensitive';

const headers = {
  'content-type': 'application/json',
  'authorization': 'Bearer abc123',
  'x-api-key': 'secret'
};

const safe = redactKeys(headers, ['authorization', 'x-api-key']);
// { 'content-type': 'application/json', authorization: '[REDACTED]', 'x-api-key': '[REDACTED]' }

Mask Free-form Text

import { maskText } from '@chaisser/mask-sensitive';

const log = 'User [email protected] charged 4111 1111 1111 1111 from 192.168.1.1';
const safe = maskText(log);
// 'User a***[email protected] charged **** **** **** 1111 from 192.*.*.1'

Custom Masking

import { mask, maskRange, maskPositions, maskRegex } from '@chaisser/mask-sensitive';

mask('hello world', { maskChar: '#', visibleStart: 2, visibleEnd: 3 });
// 'he#####rld'

maskRange('abcdefgh', 2, 5);
// 'ab***fgh'

maskPositions('secret', [1, 3, 5]);
// 's*c*e*'

maskRegex('order-12345 confirmed', /order-\d+/);
// '********** confirmed'

License

MIT