@secretlint/secretlint-rule-github

@secretlint/secretlint-rule-github

A secretlint rule for GitHub.

Install

Install with npm:

npm install @secretlint/secretlint-rule-github

Usage

Via .secretlintrc.json(Recommended)

{
    "rules": [
        {
            "id": "@secretlint/secretlint-rule-github"
        }
    ]
}

MessageIDs

GITHUB_TOKEN

found GitHub Token({{typeName}}): {{KEY}}

Disallow to write GitHub Token.

• ghp_ for Personal Access Tokens
• gho_ for OAuth Access tokens
• ghu_ for GitHub App user-to-server tokens
• ghs_ for GitHub App server-to-server tokens
• ghr_ for GitHub App refresh tokens
• github_pat_ for fine-grained personal access tokens

This rule can detect a new format of GitHub Token.

• Authentication token format updates are generally available | GitHub Changelog
• Introducing fine-grained personal access tokens for GitHub | The GitHub Blog

Options

• allows: string[]
  • Allows a list of RegExp-like String

Changelog

See Releases page.

Running tests

Install devDependencies and Run npm test:

npm test

Contributing

Pull requests and stars are always welcome.

For bugs and feature requests, please create an issue.

1. Fork it!
2. Create your feature branch: git checkout -b my-new-feature
3. Commit your changes: git commit -am 'Add some feature'
4. Push to the branch: git push origin my-new-feature
5. Submit a pull request :D

Author

• github/azu
• twitter/azu_re

License

MIT © azu

Changelog

5.3.0 (2022-10-30)

Bug Fixes

• deps: update dependency node-sarif-builder to ^2.0.3 (c99e4cc)
• deps: update patch updates (eba8592)
• github: remove duplicated gho- prefix (#323) (d70f815)

Features

• secretlint-rule-github: support for fine-grained personal access tokens (#322) (9eae766)