FAQ
This page answers common questions about Purgo.
Purgo is a zero-config, client-side log-scrubbing library that prevents Protected Health Information (PHI) from leaking into browser consoles, DevTools, and network debuggers.
Yes, Purgo is open-source software released under the MIT License, which allows for free use, modification, and distribution.
Purgo is designed to work with all major JavaScript frameworks, including React, Next.js, Vue, Angular, and vanilla JavaScript. It also provides Node.js support.
Purgo is designed to be lightweight and fast, with less than 3% runtime overhead compared to raw operations. The bundle size is less than 7 kB gzipped.
Purgo works by patching global objects like `console` methods, `fetch`, and `XMLHttpRequest` to intercept and redact sensitive information before it's logged or sent over the network.
No, Purgo only redacts data in logs and network request debugging information. The actual data sent to the server remains unchanged.
Yes, Purgo includes full TypeScript declarations for all modules, providing a great developer experience with TypeScript.
Yes, Purgo works in both development and production environments. However, you might want to configure it differently in each environment based on your needs.
You can add custom patterns using regular expressions:
```javascript
import { purgo } from 'purgo';

purgo({
  patterns: [
    'email',                      // Built-in pattern
    /\bMRN-\d{8}\b/g,             // Custom pattern for Medical Record Numbers
    /\b[A-Z]{2}-\d{6}-[A-Z]\b/g,  // Custom pattern for patient IDs
  ]
});
```
Yes, you can customize the redaction style using the `censor` option:

```javascript
import { purgo } from 'purgo';

purgo({
  censor: (match) => '[REDACTED]' + match.slice(-2)
});
```
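A stand-alone sketch of the interception approach this page describes, reusing the custom patterns and the censor function from the snippets above. It is an added example, not Purgo's source code: `redactString`, `redactValue`, `wrapLogger`, the in-memory sink and the sample payload are hypothetical names and constructed data.

```javascript
// Added illustration, NOT Purgo's source; all function names are hypothetical.
const PATTERNS = [
  /\bMRN-\d{8}\b/g,            // custom MRN pattern from the page
  /\b[A-Z]{2}-\d{6}-[A-Z]\b/g, // custom patient-ID pattern from the page
];
const censor = (match) => '[REDACTED]' + match.slice(-2); // censor from the page

// Apply every pattern to one string.
function redactString(text) {
  return PATTERNS.reduce((out, re) => out.replace(re, censor), text);
}

// Build a redacted copy of plain objects and arrays; the input is never
// mutated, so whatever the application sends to the server is unaffected.
function redactValue(value, path = new Set()) {
  if (typeof value === 'string') return redactString(value);
  if (value === null || typeof value !== 'object') return value;
  const proto = Object.getPrototypeOf(value);
  const plain = Array.isArray(value) || proto === Object.prototype || proto === null;
  if (!plain) return value;                    // Date, Error, etc. pass through
  if (path.has(value)) return '[Circular]';    // guard against reference cycles
  path.add(value);
  const copy = Array.isArray(value) ? [] : {};
  for (const [k, v] of Object.entries(value)) copy[k] = redactValue(v, path);
  path.delete(value);
  return copy;
}

// Wrap a console-like object so arguments are redacted before they are written.
function wrapLogger(target, methods = ['log', 'info', 'warn', 'error']) {
  const wrapped = Object.create(target);
  for (const m of methods) {
    wrapped[m] = (...args) => target[m](...args.map((a) => redactValue(a)));
  }
  return wrapped;
}

// Constructed sample data and an in-memory sink standing in for console.
const payload = { note: 'Seen MRN-12345678', ids: ['AB-123456-C'] };
const lines = [];
const sink = { log: (...a) => lines.push(a), info() {}, warn() {}, error() {} };
wrapLogger(sink).log('patient', payload);
console.log(lines[0]); // what would reach the log
console.log(payload);  // original object, still intact
```

Running sample identifiers from your own systems through a check like this before deployment shows whether a custom pattern actually matches them, including when they sit inside nested objects.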
Purgo works with any service that uses the standard console methods or network requests. For specific integrations like Pino, Purgo provides dedicated adapters.
Purgo is a tool that helps with HIPAA compliance by preventing accidental PHI exposure in logs and network requests. However, using Purgo alone does not guarantee HIPAA compliance, which requires a comprehensive approach to security and privacy.
If you're using Purgo in a production environment that processes real PHI, you may need a Business Associate Agreement (BAA) with the provider of Purgo. A ready-to-sign BAA template is available in the legal directory of the Purgo repository.
Purgo includes built-in patterns for detecting and redacting common types of PHI:
- Email addresses
- Social Security Numbers (SSNs)
- Phone numbers
- Medical Record Numbers (MRNs)
- ICD-10 diagnosis codes
You can also add custom patterns for organization-specific identifiers.
While Purgo is primarily designed for HIPAA compliance, its ability to redact sensitive information can also help with GDPR compliance by preventing accidental exposure of personal data.
- Make sure you're importing Purgo at the entry point of your application
- Check that you're using the latest version of Purgo
- For Next.js, ensure you're importing in the correct layout file
- For Node.js, make sure you're using the `purgo/node` import
- Verify that your sensitive data matches the built-in patterns or add custom patterns
- Make sure you're using the correct import statement for your environment
- Check for compatibility issues with your framework or bundler
- Try using the core module (`purgo/core`) if you're having issues with the auto-patching functionality
You can report bugs or request features by opening an issue on GitHub.
Contributions are welcome! Please see the Contributing Guide for details on how to contribute to Purgo.
If you discover a security vulnerability, please send an email to [your-email@example.com] instead of opening a public issue.