Skip to content

Commit a3f7605

Browse files
vveerrggclaude
vveerrgg
and
claude
committed
fix: remove private key material from all log outputs
CRITICAL: seed phrases, nsec values, and private key hex were being logged to console via structured logger data objects. Any logging backend would capture users' private keys in plaintext. Removed secret data from all logger.log/logger.error calls while preserving descriptive log messages. Also fixed nsec being embedded in Error message strings. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 57a4aaf commit a3f7605

3 files changed

Lines changed: 7 additions & 7 deletions

File tree

src/crypto/keys.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -79,7 +79,7 @@ export function getEntropyFromSeedPhrase(seedPhrase: string): Uint8Array {
7979
* @returns True if the seed phrase is valid, false otherwise
8080
*/
8181
export function validateSeedPhrase(seedPhrase: string): boolean {
82-
logger.log({ seedPhrase }, "Validating seed phrase");
82+
logger.log("Validating seed phrase");
8383
const isValid = validateMnemonic(seedPhrase);
8484
logger.log({ isValid }, "Validated seed phrase");
8585
return Boolean(isValid);

src/index.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -100,8 +100,8 @@ export function getEntropyFromSeedPhrase(seedPhrase: string): Uint8Array {
100100
* console.log(isValid); // true
101101
*/
102102
export function validateSeedPhrase(seedPhrase: string): boolean {
103-
logger.log({ seedPhrase }, "Validating seed phrase");
104-
logger.log({ seedPhrase }, "Input being validated");
103+
logger.log("Validating seed phrase");
104+
logger.log("Input being validated");
105105
const isValid = validateMnemonic(seedPhrase);
106106
logger.log({ isValid }, "Validated seed phrase");
107107
return Boolean(isValid);

src/nips/nip-19.ts

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ export function hexToNsec(hex: string): string {
5252
try {
5353
return nsecEncode(hex);
5454
} catch (error) {
55-
logger.error({ error, hex }, "Failed to encode private key to nsec");
55+
logger.error({ error }, "Failed to encode private key to nsec");
5656
throw error;
5757
}
5858
}
@@ -88,7 +88,7 @@ export function decode(str: string): { type: Nip19DataType; data: string } {
8888
try {
8989
return nip19Decode(str);
9090
} catch (error) {
91-
logger.error({ error, str }, "Failed to decode bech32 string");
91+
logger.error({ error }, "Failed to decode bech32 string");
9292
throw error;
9393
}
9494
}
@@ -107,11 +107,11 @@ export function nsecToHex(nsec: string): string {
107107
try {
108108
const decoded = decode(nsec);
109109
if (decoded.type !== "nsec") {
110-
throw new Error(`Invalid nsec format: ${nsec}`);
110+
throw new Error("Invalid nsec format");
111111
}
112112
return decoded.data;
113113
} catch (error) {
114-
logger.error({ error, nsec }, "Failed to convert nsec to hex");
114+
logger.error({ error }, "Failed to convert nsec to hex");
115115
throw error;
116116
}
117117
}

0 commit comments

Comments
 (0)