@chaisser/mask-sensitive

Mask sensitive data: emails, phones, credit cards, and more

Mask, redact, and detect PII in strings, objects, JSON, and free-form text. Zero dependencies, full TypeScript support.

---

Installation

npm install @chaisser/mask-sensitive
# or
yarn add @chaisser/mask-sensitive
# or
pnpm add @chaisser/mask-sensitive

---

Quick Start

import {
  maskEmail, maskPhone, maskCreditCard, maskSSN,
  maskText, maskObjectAuto, autoMask
} from '@chaisser/mask-sensitive';

maskEmail('user@example.com');        // 'u**r@example.com'
maskPhone('(555) 123-4567');          // '(***) ***-4567'
maskCreditCard('4111 1111 1111 1111'); // '**** **** **** 1111'
maskSSN('123-45-6789');               // '***-**-6789'

// Auto-detect and mask
autoMask('user@example.com');         // 'u**r@example.com'
autoMask('4111111111111111');          // '************1111'

// Mask all PII in free-form text
maskText('Email user@test.com or call (555) 123-4567');
// 'Email u**r@test.com or call (***) ***-4567'

// Mask object keys
maskObjectAuto({
  username: 'alice',
  password: 'secret',
  apiKey: 'sk-abc123',
  email: 'alice@example.com'
});
// { username: 'alice', password: '******', apiKey: '*******', email: 'a***e@example.com' }

---

API Reference

Core Masking

Function	Description
mask(value, options?)	Mask with visibleStart / visibleEnd chars visible
maskFixed(value, start, end, char?)	Show first/last N characters
maskFull(value, char?)	Replace entire string
maskRange(value, start, end, char?)	Mask characters at index range
maskPositions(value, positions, char?)	Mask characters at specific indices
maskRegex(value, pattern, char?)	Mask regex matches
maskExcept(value, keepPositions, char?)	Mask everything except specified indices

Email

Function	Example
maskEmail(email)	'u**r@example.com'
maskEmailFull(email)	'****@***.com'
isEmail(value)	Boolean check

Phone

Function	Example
maskPhone(phone)	'(***) ***-4567'
maskPhoneFull(phone)	'(***) ***-****'
isPhone(value)	Boolean check

Credit Card

Function	Description
maskCreditCard(number)	Keep last 4, preserve formatting
maskCreditCardFull(number)	Mask all digits
isCreditCard(value)	Luhn algorithm validation
getCardType(number)	Returns 'visa', 'mastercard', 'amex', etc.

SSN

Function	Example
maskSSN(ssn)	'***-**-6789'
maskSSNFull(ssn)	'***-**-****'
isSSN(value)	Boolean check

IP Address

Function	Example
maskIP(ip)	'192.*.*.100'
maskIPFull(ip)	'***.***.*.***'
isIP(value)	IPv4 validation

IBAN

Function	Example
maskIBAN(iban)	'DE89************3000'
isIBAN(value)	Format validation

URL

Function	Description
maskUrl(url)	Mask path segments and passwords

Name

Function	Example
maskName(name)	'John Doe' → 'J*** D**'
maskFirstName(name)	'Alice' → 'A****'
maskLastName(name)	'Smith' → '****h'
maskFullName(name)	First initial + last letter

Address

Function	Description
maskAddress(address)	Replace all digits
maskZip(zip)	Keep first 2 chars
maskDate(date)	Replace all digits

Password

Function	Description
maskPassword(password)	Always returns '********' (hides length)
isStrongPassword(password)	Length 8+, upper, lower, digit, special
getPasswordStrength(password)	Returns { score, label } (weak/fair/good/strong)

Auto-Detect

Function	Description
detectSensitiveType(value)	Returns detected type or null
autoMask(value)	Auto-detect and mask

Object Masking

Function	Description
maskObject(obj, keys, options?)	Mask specified keys
maskObjectAuto(obj, keys?)	Auto-mask known sensitive keys + auto-detect values
redactKeys(obj, keys, replacement?)	Replace values with [REDACTED]

JSON Masking

Function	Description
maskJson(json, keys, options?)	Parse, mask keys, stringify
maskJsonAuto(json, keys?)	Parse, auto-mask, stringify

Text Masking

Function	Description
maskText(text)	Find and mask emails, phones, credit cards, SSNs, IPs in free-form text

---

Examples

Log Redaction

import { maskObjectAuto } from '@chaisser/mask-sensitive';

function safeLog(data: Record<string, unknown>) {
  console.log(maskObjectAuto(data));
}

safeLog({
  userId: 123,
  email: 'alice@example.com',
  password: 'super-secret',
  creditCard: '4111111111111111'
});
// { userId: 123, email: 'a***e@example.com', password: '************', creditCard: '************1111' }

Mask API Response

import { maskJsonAuto } from '@chaisser/mask-sensitive';

const response = JSON.stringify({
  user: { name: 'Alice', apiKey: 'sk-live-abc123', token: 'eyJhbGciOi...' }
});

console.log(maskJsonAuto(response));
// apiKey and token fully masked

Redact Headers

import { redactKeys } from '@chaisser/mask-sensitive';

const headers = {
  'content-type': 'application/json',
  'authorization': 'Bearer abc123',
  'x-api-key': 'secret'
};

const safe = redactKeys(headers, ['authorization', 'x-api-key']);
// { 'content-type': 'application/json', authorization: '[REDACTED]', 'x-api-key': '[REDACTED]' }

Mask Free-form Text

import { maskText } from '@chaisser/mask-sensitive';

const log = 'User alice@test.com charged 4111 1111 1111 1111 from 192.168.1.1';
const safe = maskText(log);
// 'User a***e@test.com charged **** **** **** 1111 from 192.*.*.1'

Custom Masking

import { mask, maskRange, maskPositions, maskRegex } from '@chaisser/mask-sensitive';

mask('hello world', { maskChar: '#', visibleStart: 2, visibleEnd: 3 });
// 'he#####rld'

maskRange('abcdefgh', 2, 5);
// 'ab***fgh'

maskPositions('secret', [1, 3, 5]);
// 's*c*e*'

maskRegex('order-12345 confirmed', /order-\d+/);
// '********** confirmed'

---

License

MIT