secret-scanner

2.0.1 • Public • Published

Secret Scanner

Please be aware that this is still in a very early state: testing has been done, but the project requires more extensive testing and rewrites to the testing code.

About

Based on the well-established Yelp detect-secrets (please go check them out if you're using Python!), secret-scanner aims to provide a similar experience within the Node realm.

Installation

With NPM

npm install --save-dev secret-scanner

or with yarn

yarn add --dev secret-scanner



Quickstart

  1. Run secret-scanner scan to generate the baseline file
  2. Run secret-scanner audit to review the baseline file and decide whether each flagged secret should be committed to the repo
  3. Add secret-scanner scan -h to your pre-commit hook to stop newly added secrets

For example, with husky on an npm repo:

  1. npm install husky --save-dev
  2. npx husky install
  3. npm set-script prepare "husky install"
  4. npx husky add .husky/pre-commit "secret-scanner scan -h"


Configuration

Disable Plugins

{
    "disable_plugins": ["AWS", "Keyword", "Slack", "Stripe", "Twilio"]
}

Exclude Lines

Excluding lines is as easy as writing the line to be excluded, or a regex that matches it.

Under the hood every entry is compiled as a regex and matched the same way, so regex metacharacters in a literal line are interpreted as regex syntax.

{
    "exclude": {
        "lines": ["example line", "[a-z0-9]-regex-line"]
    }
}

Exclude Files

secret-scanner uses fast-glob for excluding files.

{
    "exclude": {
        "files": [
            "**/fileToIgnore.js", // Ignore any instance of the file anywhere
            "directory/fileToIgnore.js", // Ignore the file only in that directory
            "**/*.js" // Ignore any JS file in any directory
        ]
    }
}

Exclude Secrets

Excluding secrets is as easy as writing the secret to be excluded, or a regex that matches it.

Under the hood every entry is compiled as a regex and matched the same way, so regex metacharacters in a literal secret are interpreted as regex syntax.

{
    "exclude": {
        "secrets": ["sample-secret", "[a-z0-9]-regex-secret"]
    }
}
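The following is an added illustration of how the three configuration keys above (disable_plugins, exclude.lines, exclude.secrets) interact when a scan runs; it is not secret-scanner's own code. The detector patterns, the name "scanLines" and the sample lines are assumptions constructed for the example.

```javascript
// Added example, not secret-scanner's implementation. Shows how a config in the
// shape documented above filters findings: a disabled plugin never fires, an
// excluded line is skipped entirely, and an excluded secret is dropped per match.
const config = {
  disable_plugins: ["Slack"],
  exclude: {
    lines: ["example line"], // compiled as a regex, like the tool does
    secrets: ["sample-secret", "[a-z0-9]{4}-regex-secret"],
  },
};

// Stand-in detectors named after plugins listed on the page (assumed shapes).
const plugins = {
  AWS: /AKIA[0-9A-Z]{16}/g, // AWS access key id shape
  Slack: /xox[abp]-[0-9A-Za-z-]{10,}/g, // Slack token shape
  Keyword: /(?:password|secret)\s*[:=]\s*['"]([^'"]+)['"]/gi,
};

function compile(patterns) {
  return patterns.map((p) => new RegExp(p));
}

// Returns the findings that survive the config's exclusions.
function scanLines(lines, cfg) {
  const disabled = new Set(cfg.disable_plugins || []);
  const excludeLines = compile((cfg.exclude && cfg.exclude.lines) || []);
  const excludeSecrets = compile((cfg.exclude && cfg.exclude.secrets) || []);
  const findings = [];
  lines.forEach((line, i) => {
    if (excludeLines.some((re) => re.test(line))) return; // whole line ignored
    for (const [name, re] of Object.entries(plugins)) {
      if (disabled.has(name)) continue; // plugin switched off in config
      for (const m of line.matchAll(re)) {
        const secret = m[1] !== undefined ? m[1] : m[0];
        if (excludeSecrets.some((re2) => re2.test(secret))) continue;
        findings.push({ line: i + 1, plugin: name, secret });
      }
    }
  });
  return findings;
}

// Constructed sample input; none of these values are real credentials.
const sample = [
  'password = "sample-secret"', // dropped by exclude.secrets
  'token = "xoxb-000000000000-example"', // Slack plugin is disabled
  "AKIAEXAMPLE0000000AA this is an example line", // skipped by exclude.lines
  "key = AKIAEXAMPLE0000000AB", // reported by the AWS detector
];

console.log(scanLines(sample, config));
```

Because exclusions are regexes, an entry such as "sample.secret" would also suppress "sampleXsecret"; escape metacharacters when the intent is a literal match.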


CLI

secret-scanner.js scan

Scans directories / scans committed files

Options:
      --version   Show version number                                  [boolean]
      --help      Show help                                            [boolean]
  -h, --hook      Used for pre-hooks
  -l, --location  Location to scan using glob pattern, default is current
                  working dir                     [default: "D:\Code\tester/**"]
  -d, --debug
secret-scanner.js audit

Audit the baseline file

Options:
  --version  Show version number                                       [boolean]
  --help     Show help                                                 [boolean]

License

MIT

Collaborators

  • joshhiles