PII detection. Anonymization. API-ready output.

Sanitize sensitive text before it leaves your app.

Puddinhead detects and anonymizes emails, phone numbers, credit cards, IP addresses, and URLs in logs, form data, and API payloads with analyze(), anonymize(), and sanitize() across application and HTTP workflows.

Read the docs View API endpoint

Puddinhead

Input

Please send the invoice to sarah.chen@acme.io or call me at +1 (415) 555-2671. If billing fails, retry the card 4242 4242 4242 4242 and log the request from 203.0.113.42 that hit https://acme.io/internal/payments. The customer asked for the receipt to also be copied to finance@acme.io, and the support note says their backup number is +44 20 7946 0958 if the primary line is unavailable. We also captured a callback URL at https://api.acme.io/v1/reconcile?account=west-coast and a test card ending in 1881 for sandbox verification.

Sanitized output

How It Works

PII detection and anonymization pipeline.

The pipeline accepts text, identifies supported entities, applies the configured operator, and returns sanitized output while preserving the surrounding context.

1. Input

Please email me at test@gmail.com Raw text enters the sanitizer.

2. Detect

Email pattern found The email address is identified as sensitive.

3. Replace

[REDACTED] Only the matched value is swapped out.

4. Output

Please email me at [REDACTED] Safe text is returned to your app or API.

Input

sanitize("Please email me at test@gmail.com")

Output

"Please email me at [REDACTED]"

Receive the text

The package accepts a normal string from your app, job, log formatter, or HTTP request body.

Scan for sensitive patterns

The analyzer scans the input and identifies values that match supported entity types such as email addresses and phone numbers.

Replace only the match

Instead of rewriting the whole sentence, the matched email is replaced with [REDACTED] so the rest of the message stays readable.

Return a safe result

If you call sanitize(), you get back a string. If you use POST /sanitize, the same value is returned inside JSON as {"sanitized":"..."}.

Docs

Core docs in four blocks.

Install, usage, API, and response examples.

Quick start

Install the package

npm install puddinhead

Example usage

Redact email addresses

sanitize("My email is test@gmail.com")

-> "My email is [REDACTED]"

API endpoint

Send a single request

POST /sanitize

Response example

Return the sanitized value

{
  "sanitized": "..."
}

Open the full docs page

Flow lab

See one payload branch into detection, policy, and sanitized output.

The stream bends through analysis on the left, stabilizes through entity rules in the middle, and exits as a predictable sanitized response your app can forward safely.

Incoming text

{
  "text": "Email me at test@gmail.com"
}

Detection + policy

EMAIL_ADDRESS replace [REDACTED]

Sanitized response

{
  "sanitized": "Email me at [REDACTED]"
}

Guardrails built in

Redaction should be transparent and easy to inspect.

Detection, operator choice, and output shape stay explicit so the behavior is easy to review, test, and trust in production.

Consistent placeholders

The output stays predictable so downstream tooling does not need custom parsing.

Small API surface

There is less room for confusion when the docs fit on one page and the endpoint fits in one line.

JSON-safe responses

The API returns a single sanitized field that is straightforward to inspect and forward.

Easy to review

Because the surface area is narrow, regressions are easier to spot before they ship.

Docs first

Install the package or hit the endpoint. That's the whole setup.

Open docs View API