@clevertech.biz/findsecrets

Prevent pushing secrets to the repository

  • 0.1.3
  • latest
  • npm

findsecrets

Looks for secrets in your code. Ignores .env files. The goal is to prevent secrets from being pushed to a repository, so it is most useful when invoked from a pre-commit hook. You can combine it with lint-staged and husky, for example, so that all (and only) the files modified in a commit get analyzed.

Example secret:

const FACEBOOK_API_SECRET = 'ZVyyCKt7i2JMtlaJgnYExjRyBlI1KOHbxiDcseWQ9at5uHFvQl'

Running manually:

findsecrets /path/to/code.js

Output:

Found secrets in /path/to/code.js
    at line 1 ZVyyCKt7i2JMtlaJgnYExjRyBl...

Installing

Install it locally. This works well in combination with lint-staged and husky or any npm script.

npm install @clevertech.biz/findsecrets

Optionally, install it globally:

npm install @clevertech.biz/findsecrets -g

Usage

findsecrets /path/to/code.js

Skipping lines or files

Sometimes you'll get false positives. You can ignore a line like this:

const falsePositive = 'yLjaLLAnycACDX3aAeA8Vnac' // findsecrets-ignore-line

You can also ignore a whole file by putting a comment containing findsecrets-ignore-file in the first line.
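
To make the skip rules above concrete, here is an added sketch (not the package's own code) of a scanner that honors both markers and skips .env files. The page does not say how findsecrets detects secrets, so the entropy heuristic, the threshold, and the names `scan` and `entropy` are assumptions.

```javascript
// Added illustration, not the findsecrets source. The heuristic (a quoted
// literal of 20+ characters with high Shannon entropy) is an assumption.
const IGNORE_LINE = 'findsecrets-ignore-line'
const IGNORE_FILE = 'findsecrets-ignore-file'
const LITERAL = /(['"`])([A-Za-z0-9+\/=_-]{20,})\1/g // candidate string literals
const MIN_ENTROPY = 3.0 // bits per character; assumed threshold

// Shannon entropy of a string, in bits per character.
function entropy (s) {
  const counts = {}
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length
    return h - p * Math.log2(p)
  }, 0)
}

// Returns [{ line, preview }] for each suspected secret in `source`.
function scan (filename, source) {
  const base = filename.split(/[\\/]/).pop()
  if (base.startsWith('.env')) return [] // .env files are skipped entirely
  const lines = source.split(/\r?\n/)
  if (lines[0].includes(IGNORE_FILE)) return [] // marker counts only on line 1
  const findings = []
  lines.forEach((text, i) => {
    if (text.includes(IGNORE_LINE)) return // per-line opt-out
    for (const m of text.matchAll(LITERAL)) {
      if (entropy(m[2]) >= MIN_ENTROPY) {
        // Truncate so the report itself does not leak the full value.
        findings.push({ line: i + 1, preview: m[2].slice(0, 26) + '...' })
      }
    }
  })
  return findings
}

// Constructed sample input, reusing the two example strings from this page
// plus one low-entropy literal that should not be reported.
const sample = [
  "const FACEBOOK_API_SECRET = 'ZVyyCKt7i2JMtlaJgnYExjRyBlI1KOHbxiDcseWQ9at5uHFvQl'",
  "const falsePositive = 'yLjaLLAnycACDX3aAeA8Vnac' // findsecrets-ignore-line",
  "const padding = 'aaaaaaaaaaaaaaaaaaaaaaaa'"
].join('\n')

console.log(scan('/path/to/code.js', sample))
```

Because the ignore markers are plain comments anyone can add, reviewers should treat a newly introduced `findsecrets-ignore-line` or `findsecrets-ignore-file` in a diff as something to check rather than as noise.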


Package last updated on 12 Jul 2018
