GillianPerard / typescript-json-serializer

A typescript library to deserialize json into typescript classes and serialize classes into json.
MIT License
210 stars 29 forks

[FEAT]: Do not log entire object in serialization/deserialization errors #194

Closed shcallaway closed 1 year ago

shcallaway commented 1 year ago

Description

Hello, hope you're doing well.

typescript-json-serializer's current errors include the entire object that failed serialization/deserialization. For example:

Additional properties detected in {"id":"123","foo":"bar"}: foo.

But the objects I am serializing/deserializing contain sensitive data (PII). I do not want this data to appear in my logs.

My current solution is to use a custom errorCallback that replaces the default error message:

    // Prepare a custom error handler
    const errorCallback = (message: string) => {
      // We don't log message because it may contain PHI
      req.logger.info("Deserialization failed");
      throw new Error();
    };

But this solution is not ideal because it means I cannot see the error cause in my logs. Instead of seeing "Additional properties detected", I see "Deserialization failed", which is much less specific/useful.

Proposed solution

  1. Change serialization/deserialization errors so that they do not include any data (it is ok to include field names, but not values; for example this error message would be ok: Additional properties detected: foo.)
  2. Add a serializer option that allows users to control/toggle this behavior (nice-to-have but not strictly necessary)
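
A middle ground between the two workarounds discussed above, added here as an example that is not part of typescript-json-serializer or the issue author's code: an errorCallback wrapper that redacts the JSON literal embedded in the library's message but keeps the cause and the field names, so logs show `Additional properties detected in {id, foo}: foo.` instead of the full object. It assumes only the `errorCallback: (message: string) => void` shape shown in the issue and that the offending object appears in the message as a JSON literal, as in the example above; `makeSafeErrorCallback` and `redactJsonValues` are names chosen for this example.

```typescript
// Locate every balanced {...} / [...] span in a message that parses as JSON.
// Quotes and escapes inside JSON strings are honoured so "a } b" does not end a span.
function findJsonSpans(message: string): Array<[number, number]> {
  const spans: Array<[number, number]> = [];
  let depth = 0, start = -1, inString = false;
  for (let i = 0; i < message.length; i++) {
    const ch = message[i];
    if (inString) {
      if (ch === "\\") i++;               // skip the escaped character
      else if (ch === '"') inString = false;
      continue;
    }
    if (ch === '"' && depth > 0) inString = true;
    else if (ch === "{" || ch === "[") { if (depth++ === 0) start = i; }
    else if ((ch === "}" || ch === "]") && depth > 0 && --depth === 0) {
      try { JSON.parse(message.slice(start, i + 1)); spans.push([start, i + 1]); }
      catch (_) { /* braces that are not JSON (e.g. a type name) are left alone */ }
    }
  }
  return spans;
}

// Keep top-level field names (allowed by the request) but drop every value.
function placeholder(parsed: unknown): string {
  if (Array.isArray(parsed)) return `[${parsed.length} items]`;
  if (parsed && typeof parsed === "object") return `{${Object.keys(parsed).join(", ")}}`;
  return "<redacted>";
}

// Rewrite the library's message so the cause survives but no PII does.
export function redactJsonValues(message: string): string {
  let out = "", last = 0;
  for (const [s, e] of findJsonSpans(message)) {
    out += message.slice(last, s) + placeholder(JSON.parse(message.slice(s, e)));
    last = e;
  }
  return out + message.slice(last);
}

// Drop-in replacement for the issue's errorCallback: log the redacted cause and
// rethrow with the redacted text, so the object cannot leak via the stack trace either.
export function makeSafeErrorCallback(log: (line: string) => void): (message: string) => void {
  return (message: string) => {
    const safe = redactJsonValues(message);
    log(`Deserialization failed: ${safe}`);
    throw new Error(safe);
  };
}
```
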

GillianPerard commented 1 year ago

Hi, thanks for still using my library and asking for improvements!

I think I could implement the second solution because there are a lot of places where it is the whole object that does not fit the rules, not only a property, and some users perhaps need to have more information.

I will find a way to add a config to specify if the errors should display values or not.

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.