errorcore
Security

PII Scrubbing

Scrubbing runs before serialization. That is the important boundary. Once a field is removed there, it does not leak into transport, storage, or replay.

scrub policy
errorcore.init({
  scrub: {
    headers: ["authorization", "cookie"],
    env: ["DATABASE_URL", "JWT_SECRET"],
    body: ["password", "token", "ssn"],
  },
});

Review the policy whenever request schemas, auth headers, or environment contracts change.

Encryption

Encrypt incident packages before transport so the network path never sees raw debugging context.

Header Filtering

Decide which headers are safe to preserve and which should always be removed from incidents.

On this page

PII Scrubbing