slow-redact is a new log redaction package that provides the same API as fast-redact but guarantees immutability through selective cloning. Created in response to a flawed CVE filed against fast-redact's internal functions, it prevents mutation-based vulnerabilities while maintaining competitive performance for typical use cases. The package only clones object branches containing redaction targets, sharing references for everything else, achieving ~85% memory sharing in real-world scenarios. Pino has adopted slow-redact as its default redaction tool starting with version 9.13.0, prioritizing safety and predictable behavior over absolute maximum performance.
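The selective cloning described above, sketched as an added example (this is not slow-redact's or Pino's code): `redactPaths`, `redactOne` and `CENSOR` are hypothetical names, the log record is constructed, and paths are assumed to be plain dot-separated keys without wildcards.

```javascript
// Added illustration of selective cloning (path copying); not slow-redact's source.
// redactPaths, redactOne and CENSOR are hypothetical names for this sketch.
const CENSOR = '[REDACTED]';

// Return a version of `node` with the value at `keys` censored. Only objects
// on the way to the target are shallow-cloned; sibling branches are reused.
function redactOne(node, keys, i) {
  if (node === null || typeof node !== 'object') return node; // path absent
  const key = keys[i];
  if (!Object.prototype.hasOwnProperty.call(node, key)) return node; // path absent
  const next = i === keys.length - 1 ? CENSOR : redactOne(node[key], keys, i + 1);
  if (next === node[key]) return node; // nothing changed below: keep sharing
  const copy = Array.isArray(node) ? node.slice() : { ...node };
  copy[key] = next;
  return copy;
}

// Apply each path in turn; the input object is never written to.
function redactPaths(input, paths) {
  return paths.reduce((acc, p) => redactOne(acc, p.split('.'), 0), input);
}

// Constructed sample log record.
const record = {
  req: { headers: { authorization: 'Bearer abc123', host: 'example.test' }, url: '/login' },
  user: { id: 7, password: 'hunter2' },
  meta: { region: 'eu', tags: ['a', 'b'] },
};

const redacted = redactPaths(record, ['req.headers.authorization', 'user.password']);

console.log(JSON.stringify(redacted));
console.log('original intact:', record.user.password === 'hunter2');
console.log('meta branch shared:', redacted.meta === record.meta);
```

The `meta` branch contains no redaction target, so the redacted record points at the same object as the original, while `req`, `req.headers` and `user` are fresh shallow copies.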