Angga.
npm · open-source · security

Building password-obscura: my first npm package

A small utility to mask secrets in logs grew into the seed of a micro-SaaS. Here is the origin story.

The itch

Every team I've ever joined has had the same moment: someone tails a log, sees an API token, and the room goes quiet. We add a regex. We forget. It happens again.

I wanted a tiny, dependency-free utility I could drop into any Node.js project and stop thinking about it. That became password-obscura.

What it does

import { obscura } from "password-obscura";

obscura("my-super-secret"); // => "**************"

That's the whole API in one line. The implementation is also one line. The hard part wasn't the code — it was deciding what *not* to add.

What's next

I'm turning the package into a micro-SaaS:

  • A hosted API endpoint that masks secrets in structured logs.
  • A small dashboard for configuring masking rules per project.
  • A redaction playground so people can try it without signing up.
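What masking secrets in a structured log record can involve, as an added example that is not password-obscura's code or the planned service's. The names `maskRecord`, `maskString`, `SENSITIVE_KEY` and `SENSITIVE_VALUE`, the rule set, and the sample record are all assumptions made for illustration.

```javascript
// Added example: not password-obscura's implementation. All names are hypothetical.
const MASK = "********"; // fixed length, so the output does not reveal secret length

// Key names treated as sensitive (assumed rule set; tune per project).
const SENSITIVE_KEY = /pass(word)?|secret|token|api[-_]?key|authorization|cookie/i;

// Value patterns that catch secrets logged under innocent keys such as "msg".
const SENSITIVE_VALUE = [
  /\bBearer\s+[A-Za-z0-9._~+\/-]+=*/g,        // HTTP bearer credentials
  /\b(?:password|token|api_key)=[^\s&"]+/gi,   // key=value pairs in URLs or messages
];

function maskString(s) {
  return SENSITIVE_VALUE.reduce(
    (out, re) => out.replace(re, (m) => {
      // Keep the label ("Bearer ", "token=") so the line stays readable.
      const label = m.match(/^(Bearer\s+|[A-Za-z_]+=)/);
      return (label ? label[0] : "") + MASK;
    }),
    s
  );
}

function maskRecord(value, seen = new WeakSet()) {
  if (typeof value === "string") return maskString(value);
  if (value === null || typeof value !== "object") return value;
  if (seen.has(value)) return "[Circular]"; // value is its own ancestor
  seen.add(value);
  // A sensitive key masks its whole value, whatever the type.
  const out = Array.isArray(value)
    ? value.map((v) => maskRecord(v, seen))
    : Object.fromEntries(Object.entries(value).map(([k, v]) =>
        [k, SENSITIVE_KEY.test(k) ? MASK : maskRecord(v, seen)]));
  seen.delete(value);
  return out; // a new structure: the caller's record is never mutated
}

// Constructed sample record (no real credentials).
const sample = {
  level: "info",
  msg: "retrying with Authorization: Bearer abc.def.ghi",
  user: { name: "ana", password: "hunter2" },
  url: "https://example.test/cb?token=xyz123&page=2",
  headers: [{ "X-Api-Key": "k-000" }],
};
console.log(JSON.stringify(maskRecord(sample)));
```

Key-name rules and value patterns fail in different ways: a key rule misses a secret pasted into a free-text message, and a value pattern misses a secret with no recognisable shape, which is why the sketch applies both.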

The package is the wedge. The SaaS is the business. Both will live or die by whether anyone needs them — which is exactly what I'm about to find out.