PHPackages                             tapbuy/data-scrubber - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. tapbuy/data-scrubber

ActiveLibrary[Utility &amp; Helpers](/categories/utility)

tapbuy/data-scrubber
====================

A tool to help with scrubbing sensitive data

1.3.0(2w ago)03.3k↓71.8%Apache-2.0PHPPHP ^8.1

Since Apr 25Pushed 2w agoCompare

[ Source](https://github.com/tapbuy/data-scrubber)[ Packagist](https://packagist.org/packages/tapbuy/data-scrubber)[ RSS](/packages/tapbuy-data-scrubber/feed)WikiDiscussions develop Synced 2d ago

READMEChangelogDependencies (4)Versions (16)Used By (0)

Data Scrubber
=============

[](#data-scrubber)

PHP library for anonymizing sensitive data in objects and arrays.

Installation
------------

[](#installation)

```
composer require tapbuy/data-scrubber
```

Usage
-----

[](#usage)

```
use Tapbuy\DataScrubber\Anonymizer;

$anonymizer = new Anonymizer('https://your-api-url.com/keys');

$data = [
    'name' => 'John Doe',
    'email' => 'john@example.com',
    'phonenumber' => [
        'ssn' => '123-45-6789'
    ]
];

$anonymized = $anonymizer->anonymizeObject($data);
```

API
---

[](#api)

### Anonymizer Class

[](#anonymizer-class)

```
class Anonymizer {
    const REDACTED = '';
    // $redactWith: when null (default) matched values are masked with `*`;
    //              when set (e.g. self::REDACTED) they are replaced with that placeholder.
    // $hashEmails: when true, email values are replaced with their unsalted SHA-256 hash
    //              instead of being masked/redacted. Defaults to false.
    // $matchLeaf:  when true, a key also matches if its leaf (last segment after _ - . / \ or
    //              space) equals a configured key — catches nested fields like
    //              `dwfrm_..._addressFields_email` (leaf `email`). Broader; defaults to false.
    // $recurseJsonStrings: when true, a string value that is itself JSON is decoded, anonymized
    //              with the same settings, and re-encoded (catches PII inside embedded JSON blobs).
    // $redactTokens: when true, any value that looks like a credential (JWT, or `Bearer `) is
    //              redacted regardless of field name. Defaults to false.
    public function __construct(Keys|string $keys, ?string $redactWith = null, bool $hashEmails = false, bool $matchLeaf = false, bool $recurseJsonStrings = false, bool $redactTokens = false);
    public function updateKeys(): void;
    public function anonymizeObject(object|array $data): object|array;
}
```

### Keys Class

[](#keys-class)

```
class Keys {
    public function __construct(string $url);
    public function fetchKeys(): void;
    public function getKeys(): array;
}
```

Keys Format
-----------

[](#keys-format)

Your API endpoint must return:

```
{
    "success": true,
    "data": ["name", "email", "ssn", "numbers[]"]
}
```

Keys with `[]` suffix indicate array fields that should have all elements anonymized.

Key matching is case-insensitive: both the configured keys and the data field names are compared in lower case (so `Email`, `C_AdyenLog`, etc. match regardless of case).

Anonymization Rules
-------------------

[](#anonymization-rules)

By default, matched values are masked:

- Strings: Replaced with `*` of same length

    ```
    "John Doe" → "********"
    ```
- Numbers: Random number of same length/type

    ```
    12345 → 98765
    123.45 → 987.65
    ```
- Redaction mode (`$redactWith`): replace matched values wholesale with a placeholder instead of masking/randomizing them

    ```
    $anonymizer = new Anonymizer($keys, Anonymizer::REDACTED);
    "John Doe" → ""
    12345      → ""
    ```
- Email hashing (`$hashEmails`): replace email values with their unsalted SHA-256 hash (a stable, one-way identifier) instead of masking/redacting them. Takes precedence over the rules above for values that are valid emails.

    ```
    $anonymizer = new Anonymizer($keys, null, true);
    "john@example.com" → "836f82db99121b3481011f16b49dfa5fbc714a0d1b1b9f784a1ebbbf5b39577f"
    ```
- Leaf matching (`$matchLeaf`): also match a key by its trailing segment, so deeply nested form fields are covered without listing every variant

    ```
    $anonymizer = new Anonymizer($keys /* incl. "email" */, null, true, true);
    "dwfrm_shippingDS_shippingAddress_addressFields_email" matches via leaf "email"
    ```
- Embedded JSON (`$recurseJsonStrings`): when a string value is itself a JSON object or array, it is decoded, anonymized with the same settings, and re-encoded — so PII inside embedded JSON blobs (e.g. analytics dataLayers) is not left opaque

    ```
    $anonymizer = new Anonymizer($keys /* incl. "email" */, null, false, false, true);
    '{"email":"john@example.com"}' → '{"email":"****************"}'
    ```
- Token redaction (`$redactTokens`): any string value that looks like a credential — a JWT or a `Bearer ` header — is redacted regardless of field name (replaced with `$redactWith` or ``, never length-masked)

    ```
    $anonymizer = new Anonymizer($keys, null, false, false, false, true);
    "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.abc" → ""
    ```
- Arrays: If key marked with \[\], all elements anonymized

    ```
    'numbers' => [123, 456] → [789, 012]
    ```

Testing
-------

[](#testing)

```
composer install
vendor/bin/phpunit
```

CLI
---

[](#cli)

Update keys via command line:

```
php bin/updateKeys.php https://your-api-url.com/keys
```

Directory Structure
-------------------

[](#directory-structure)

```
data-scrubber/
├── src/
│   ├── Anonymizer.php
│   └── Keys.php
├── tests/
│   ├── AnonymizerTest.php
│   └── KeysTest.php
├── bin/
│   └── updateKeys.php
├── composer.json
└── phpunit.xml.dist

```

###  Health Score

49

—

FairBetter than 94% of packages

Maintenance96

Actively maintained with recent releases

Popularity20

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity58

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 89.4% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~60 days

Recently: every ~22 days

Total

14

Last Release

17d ago

Major Versions

0.7.3 → 1.0.02026-03-19

PHP version history (2 changes)0.1PHP &gt;=8.1

1.0.0PHP ^8.1

### Community

Maintainers

![](https://www.gravatar.com/avatar/0740544e5d3c7a2192d15c1cca624832e271924f3b7135183a5815216c28560b?d=identicon)[jerome-tapbuy](/maintainers/jerome-tapbuy)

![](https://www.gravatar.com/avatar/f193163becacc7142aebf5cdcddf3c47d3c66c9476e2cbcc53e38ffb46b3561f?d=identicon)[valentin\_tapbuy](/maintainers/valentin_tapbuy)

---

Top Contributors

[![ValentinCreative](https://avatars.githubusercontent.com/u/1830588?v=4)](https://github.com/ValentinCreative "ValentinCreative (42 commits)")[![jeromegroven](https://avatars.githubusercontent.com/u/208591786?v=4)](https://github.com/jeromegroven "jeromegroven (5 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/tapbuy-data-scrubber/health.svg)

```
[![Health](https://phpackages.com/badges/tapbuy-data-scrubber/health.svg)](https://phpackages.com/packages/tapbuy-data-scrubber)
```

###  Alternatives

[alexwight/php-signalr-client

Signal R Client

2331.9k](/packages/alexwight-php-signalr-client)[aertmann/history

An improved history backend module for Neos

1174.6k](/packages/aertmann-history)[pixelfederation/circuit-breaker-bundle

An analogous bundle to Java's Hystrix in PHP world.

1229.0k](/packages/pixelfederation-circuit-breaker-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
