npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, πŸ‘‹, I’m Ryan HefnerΒ  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you πŸ™

Β© 2026 – Pkg Stats / Ryan Hefner

hide-pii

v1.0.4

Published

🎭 A zero-dependency, recursive PII (Personally Identifiable Information) masker for modern JavaScript. Keep sensitive data out of your logs and don't leak information!

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tutyamxxtutyamxx

Keywords

piimaskmaskingredactredactionprivacysecuritygdprcompliancesanitizerloggersensitive-dataobfuscatezero-dependencytypescript

Readme

hide-pii

  • 🎭 A zero-dependency, recursive PII (Personally Identifiable Information) masker for modern JavaScript. Keep sensitive data out of your logs and don't leak information!
  • ♻️ Works seamlessly with CommonJS, ESM and TypeScript
  • 🧊 Does not mutate original object!

πŸ€” Why hide-pii ?

  • 🎭 A lightweight, zero-dependency utility that automatically scrubs sensitive data like passwords, emails, and credit cards from your objects and logs before they reach your storage or third-party providers. It uses recursive traversal and smart pattern matching to redact private information while preserving the context you need for debugging, helping you stay compliant with GDPR and CCPA effortlessly.
  • πŸ›‘οΈ The best use case for this package is sanitizing application logs and error reports to prevent sensitive credentials, emails, and database strings from leaking into third-party monitoring tools or plain-text storage.

✨ Features

| Feature | Description | Example Input | Example Output | | ------------------------- | --------------------------------------------------------------------- | ------------------------------------------------ | -------------------------------------------------------------- | | Sensitive Key Masking | Replaces values for keys like password, token, secret, apiKey | { password: "mySecret123" } | { password: "[REDACTED]" } | | Email Obfuscation | Masks email username while preserving domain | "[email protected]" | "jo*****@test.com" | | Credit Card Masking | Detects and masks card numbers | "4111111111111111" | "**********" | | Secret Token Masking | Masks API keys, bearer tokens, auth tokens | "Bearer abcdefghijklmnop" | "Bearer **********" | | Connection String Masking | Masks credentials in DB URLs | "postgres://user:pass@host:5432/db" | "**********" | | IPv4 Address Masking | Detects and masks IP addresses | "192.168.1.1" | "**********" | | Recursive Traversal | Automatically scans nested objects and arrays | { user: { email: "[email protected]" } } | { user: { email: "jo*****@test.com" } } | | Custom mask character | Allows changing the character used for masking (default: *) | { email: "[email protected]" }, maskChar: "#" | { email: "jo#####@test.com" } | | Placeholder Customization | Lets you choose the string used to replace sensitive keys | { password: "1234" }, placeholder: "πŸ”’" | { password: "πŸ”’" } | | Array Support | Masks data inside arrays as well | [ { email: "[email protected]" }, { password: "x" } ] | [ { email: "a*****@test.com" }, { password: "[REDACTED]" } ] |

πŸ“¦ Install via NPM

$ npm i hide-pii

πŸ’» Usage

  • See examples below

CommonJS

const hidePii = require('hide-pii');

const payload = {
    user: {
        id: "usr_12345",
        email: "[email protected]",
        password: "SuperSecretPassword123!",
        profile: {
            ipv4: "192.168.1.1",
            backupEmail: "[email protected]"
        }
    },
    billing: {
        creditCard: "4111111111111111",
        backupCard: "5555555555554444"
    },
    auth: {
        apiKey: "api_key: sk_live_1234567890abcdefghijklmnop",
        authToken: "auth_token: abcdefghijklmnop123456",
        bearer: "Bearer 1a2b3c4d5e6f7g8h9i0j"
    },
    infrastructure: {
        mongo: "mongodb://admin:superpass@localhost:27017/app",
        postgres: "postgres://user:password@localhost:5432/db",
        redis: "redis://cache:[email protected]:6379"
    },
    logs: [
        "User [email protected] logged in from 10.0.0.5",
        "Attempt with card 4111111111111111",
        "Bearer zyxwvutsrqponmlkjihg"
    ],
    misc: {
        privateKey: "myUltraSensitiveKey12345678",
        pwd: "plainTextPassword"
    }
};

// --| Add placeholder and a mask character
console.log(hidePii(payload, { placeholder: "πŸ”’", maskChar: "#" }));

// --| OR default "[REDACTED]"
console.log(hidePii(payload));

ESM

import hidePii from 'hide-pii';

const payload = {
    user: {
        id: "usr_12345",
        email: "[email protected]",
        password: "SuperSecretPassword123!",
        profile: {
            ipv4: "192.168.1.1",
            backupEmail: "[email protected]"
        }
    },
    billing: {
        creditCard: "4111111111111111",
        backupCard: "5555555555554444"
    },
    auth: {
        apiKey: "api_key: sk_live_1234567890abcdefghijklmnop",
        authToken: "auth_token: abcdefghijklmnop123456",
        bearer: "Bearer 1a2b3c4d5e6f7g8h9i0j"
    },
    infrastructure: {
        mongo: "mongodb://admin:superpass@localhost:27017/app",
        postgres: "postgres://user:password@localhost:5432/db",
        redis: "redis://cache:[email protected]:6379"
    },
    logs: [
        "User [email protected] logged in from 10.0.0.5",
        "Attempt with card 4111111111111111",
        "Bearer zyxwvutsrqponmlkjihg"
    ],
    misc: {
        privateKey: "myUltraSensitiveKey12345678",
        pwd: "plainTextPassword"
    }
};

// --| Add placeholder and a mask character
console.log(hidePii(payload, { placeholder: "πŸ”’", maskChar: "#" }));

// --| OR default "[REDACTED]"
console.log(hidePii(payload));

TypeScript

import hidePii, { PiiMaskerOptions } from 'hide-pii';

const payload = {
    user: {
        id: "usr_12345",
        email: "[email protected]",
        password: "SuperSecretPassword123!",
        profile: {
            ipv4: "192.168.1.1",
            backupEmail: "[email protected]"
        }
    },
    billing: {
        creditCard: "4111111111111111",
        backupCard: "5555555555554444"
    },
    auth: {
        apiKey: "api_key: sk_live_1234567890abcdefghijklmnop",
        authToken: "auth_token: abcdefghijklmnop123456",
        bearer: "Bearer 1a2b3c4d5e6f7g8h9i0j"
    },
    infrastructure: {
        mongo: "mongodb://admin:superpass@localhost:27017/app",
        postgres: "postgres://user:password@localhost:5432/db",
        redis: "redis://cache:[email protected]:6379"
    },
    logs: [
        "User [email protected] logged in from 10.0.0.5",
        "Attempt with card 4111111111111111",
        "Bearer zyxwvutsrqponmlkjihg"
    ],
    misc: {
        privateKey: "myUltraSensitiveKey12345678",
        pwd: "plainTextPassword"
    }
};

// --| Add placeholder
const options: PiiMaskerOptions = { placeholder: "πŸ”’", maskChar: "#" };
const maskedWithEmoji = hidePii(payload, options);

console.log(maskedWithEmoji);

// --| OR default "[REDACTED]"
console.log(hidePii(payload));

Output "[REDACTED]" with no mask character specified

{
  user: {
    id: 'usr_12345',
    email: 'jo*****@test.com',
    password: '[REDACTED]',
    profile: { ipv4: '**********', backupEmail: 'su*****@company.org' }
  },
  billing: { creditCard: '**********', backupCard: '**********' },
  auth: {
    apiKey: '[REDACTED]',
    authToken: '[REDACTED]',
    bearer: 'Bearer **********0'
  },
  infrastructure: { mongo: '**********', postgres: '**********', redis: '**********' },
  logs: [
    'User jo*****@test.com logged in from ********',
    'Attempt with card **********',
    'Bearer **********0'
  ],
  misc: { privateKey: '[REDACTED]', pwd: '[REDACTED]' }
}

Output custom placeholder and custom mask character

{
  user: {
    id: 'usr_12345',
    email: 'jo#####@test.com',
    password: 'πŸ”’',
    profile: { ipv4: '###########', backupEmail: 'su#####@company.org' }
  },
  billing: { creditCard: '################', backupCard: '################' },
  auth: 'πŸ”’',
  infrastructure: {
    mongo: '#############################################',
    postgres: '##########################################',
    redis: '###################################'
  },
  logs: [
    'User jo#####@test.com logged in from ########',
    'Attempt with card ################',
    'Bearer ##########'
  ],
  misc: { privateKey: 'πŸ”’', pwd: 'πŸ”’' }
}