openai-node

console.error call that can reveal sensitive information.

Open sirtow opened this issue 10 months ago • 0 comments

Confirm this is a Node library issue and not an underlying OpenAI API issue

  • [x] This is an issue with the Node library

Describe the bug

The 'streaming.ts' file has the following code around line 62:

try {
  data = JSON.parse(sse.data);
} catch (e) {
  console.error(`Could not parse message into JSON:`, sse.data);
  console.error(`From chunk:`, sse.raw);
  throw e;
}

In our case, we saw the Azure OpenAI API returning bad JSON in a stream response, which caused the console.error to print the chunk content. The content included a portion of the model response. Since console was used to report the error, it is hard to filter this kind of error from the rest of the console messages.

To clarify, the API returned bad JSON (which is a problem on its own). The problem is that the SDK is using console.error AND throwing an exception, which causes possibly sensitive data to appear in console messages.

To Reproduce

Not sure how, since it requires having a bad API response. In general, have the SDK call a mock API that returns bad JSON data while streaming.

Code snippets


OS

any

Node version

any

Library version

4.68.3

sirtow, Feb 18 '25 17:02
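
The scenario reported above, next to one way a handler could avoid it, as an added example that is neither openai-node's code nor the reporter's. `parseLoud` follows the quoted snippet with an injectable logger; `parseQuiet`, `StreamParseError`, `capture` and the sample payload are hypothetical and constructed for illustration.

```javascript
// Constructed sample: a truncated SSE data field carrying model output.
const BAD_DATA = '{"choices":[{"delta":{"content":"Patient 4471 diagnosis: hyp';

// The pattern quoted in the issue, with the logger injectable for the demo.
function parseLoud(data, raw, log = console) {
  try {
    return JSON.parse(data);
  } catch (e) {
    log.error('Could not parse message into JSON:', data);
    log.error('From chunk:', raw);
    throw e;
  }
}

// Hypothetical alternative: nothing is logged; the thrown error describes the
// failure by size only and carries the payload as a non-enumerable property,
// so the caller decides whether and where it is recorded.
class StreamParseError extends Error {
  constructor(data) {
    // The engine's SyntaxError text can quote part of the input, so it is
    // neither copied into this message nor attached as `cause`.
    super(`Could not parse SSE message into JSON (${data.length} chars)`);
    this.name = 'StreamParseError';
    Object.defineProperty(this, 'payload', { value: data, enumerable: false });
  }
}

function parseQuiet(data) {
  try {
    return JSON.parse(data);
  } catch {
    throw new StreamParseError(data);
  }
}

// Runs fn with a recording logger; returns what was logged and what was thrown.
function capture(fn) {
  const lines = [];
  const log = { error: (...args) => lines.push(args.join(' ')) };
  try {
    fn(log);
    return { lines, thrown: null };
  } catch (e) {
    return { lines, thrown: e };
  }
}

const loud = capture((log) => parseLoud(BAD_DATA, 'data: ' + BAD_DATA, log));
const quiet = capture(() => parseQuiet(BAD_DATA));
console.log(loud.lines.length, quiet.lines.length, quiet.thrown.message);
```

With the first handler the model output reaches the log sink before the caller sees the exception; with the second, only the caller's own `catch` can expose `err.payload`.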