By creating a new error, you lose the original stack trace.

According to the spec [1], Error#message should be a writable property. I think an issue must be raised in runtimes that break from the spec. Meanwhile, it might be okay to have a way to opt-out of redaction with an option like dangerouslyLogToken or similar. Thoughts?

[1] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error/message

Thanks for your comment. I just noticed my telegram bot was crashing when encountering this so this was done to avoid that crash.

I've updated the fix to preserve it:

function redactToken(error: Error): never {
  const message = error.message.replace(
    /\/(bot|user)(\d+):[^/]+\//,
    '/$1$2:[REDACTED]/'
  )
  const newError = new Error(message)
  newError.stack = error.stack
  throw newError
}

I think this would be easier for users.

And you've tested that overwriting Error#stack instead of Error#message does not error for you?

Hi! Upstream is dead since last year, so I've started a community fork telegraf-hardened. I'd love to have your PR there: https://github.com/siakinnik/telegraf-hardened/issues/1

Included in #2092 via commit 6b7664f. The branch also preserves fetch error names in commit 327d7d3 so abort-related errors remain identifiable.

Tracking PR: #2092