no-pii-in-logs
ESLint rule documentation for no-pii-in-logs
📡 Live from GitHub — This documentation is fetched directly from no-pii-in-logs.md and cached for 6 hours.
Keywords: no-pii-in-logs, PII, logging, privacy, console, security, ESLint rule, CWE-532, CWE-359 CWE: CWE-532: Insertion of Sensitive Information into Log File
OWASP Mobile: OWASP Mobile Top 10 M6: Inadequate Communication Usage
CWE: CWE-532
ESLint Rule: no-pii-in-logs. This rule is part of eslint-plugin-node-security.
Quick Summary
| Aspect | Details |
|---|---|
| Severity | High (Data Privacy Violation) |
| Auto-Fix | ❌ No (requires manual sanitization) |
| Category | Security |
| ESLint MCP | ✅ Optimized for ESLint MCP integration |
| Best For | Applications handling PII or secrets |
Vulnerability and Risk
Vulnerability: Personally Identifiable Information (PII) like emails, passwords, SSNs, or credit card numbers is being written to console logs or log files in cleartext.
Risk: Log files are often stored in less secure environments, shared across teams, or ingested by third-party log management services. Exposing PII in logs can lead to data breaches, identity theft, and failure to comply with privacy regulations like GDPR, HIPAA, or PCI-DSS.
Error Message Format
The rule provides LLM-optimized error messages (Compact 2-line format) with actionable security guidance:
🔒 CWE-532 OWASP:M6 | PII Exposure in Logs detected | HIGH [PrivacyLeak]
Fix: Do not log sensitive properties directly; use mask or remove | https://cwe.mitre.org/data/definitions/532.htmlMessage Components
| Component | Purpose | Example |
|---|---|---|
| Risk Standards | Security benchmarks | CWE-532 OWASP:M6 |
| Issue Description | Specific vulnerability | PII Exposure in Logs detected |
| Severity & Compliance | Impact assessment | HIGH [PrivacyLeak] |
| Fix Instruction | Actionable remediation | Do not log sensitive properties directly |
| Technical Truth | Official reference | Logging Sensitive Info |
Rule Details
This rule monitors calls to console.log, console.error, console.warn, and console.info. It flags any arguments that access common PII properties (e.g., email, password, ssn) or contain string literals indicating PII exposure.
Why This Matters
| Issue | Impact | Solution |
|---|---|---|
| 🕵️ Data Leak | PII stored in plain text in log infra | Implement a redaction layer in your logging utility |
| 🚀 Exfiltration | Attackers reading logs gain PII | Use correlation IDs instead of PII for debugging |
| 🔒 Compliance | GDPR/HIPAA/PCI audit failure | Ensure no sensitive data ever hits standard output/errors |
Configuration
This rule has no configuration options in the current version.
Examples
❌ Incorrect
// Logging sensitive properties directly
console.log('User details:', user.email);
// Logging an object containing PII
console.error({ error: 'failed', ssn: user.ssn });
// Hardcoded PII labels in logs
console.warn('Password: ' + rawPassword);✅ Correct
// Logging generic info
console.log('User authenticated successfully');
// Logging non-sensitive identifiers
console.log('Processing order ID:', order.id);
// Redacting PII before logging
console.log('User email:', maskEmail(user.email));Known False Negatives
The following patterns are not detected due to static analysis limitations:
Values from Variables
Why: This rule only checks for direct property access (e.g., user.email). If PII is stored in a generic variable name, it will be missed.
// ❌ NOT DETECTED
const data = user.email;
console.log(data);Mitigation: Track sensitive data through your system and use a secure logging wrapper.
Custom Loggers
Why: This rule currently only targets the standard console object. Custom logging libraries (e.g., winston, pino) are not analyzed.
Mitigation: Audit your custom logger configurations and implement global middlewares for PII redaction.