Introducing slow-redact: a safer log redaction tool with immutability guarantees, combating flawed CVEs.

Nodeland's platform is a central hub for Node.js developers, offering insights into server-side JavaScript development, JavaScript frameworks, and full-stack JavaScript applications. Through articles, tutorials, and case studies, Nodeland offers insights into Node.js best practices, asynchronous programming techniques, and JavaScript runtime environments. Readers can learn about building RESTful APIs, deploying Node.js applications, and optimizing performance to create scalable and efficient web applications.

Adventures in Nodeland

slow-redact is a new log redaction package that provides the same API as fast-redact but guarantees immutability through selective cloning. Created in response to a flawed CVE filed against fast-redact's internal functions, it prevents mutation-based vulnerabilities while maintaining competitive performance for typical use cases. The package only clones object branches containing redaction targets, sharing references for everything else, achieving ~85% memory sharing in real-world scenarios. Pino has adopted slow-redact as its default redaction tool starting with version 9.13.0, prioritizing safety and predictable behavior over absolute maximum performance.

From fast-redact to slow-redact

The Technical Innovation: Selective Cloning Explained