eslint-plugin-no-secrets - npm Package Compare versions

Comparing version 1.0.1-eslint9 to 1.0.2


CHANGELOG.md
# CHANGELOG
## 1.0.1
### Major
- This package has been out long enough for 1.0.0 release
### Minor
- Added support and tests for ESLint "flat config"
### Patch
- Several packages have been updated and patched
## 0.9.1
### Patch
- Pre-release before adding support for eslint flag config and to fix versioning
## 0.8.9
### Minor
- Replaced how JSON document scanning worked so it works with other plugins
- Replaced how JSON document scanning worked so it works with other plugins
## 0.7.9
### Minor
- Add support for linting comments
- Add support for linting comments
## 0.6.9
### Patch
- Add eslint 7 unit testing
- Add eslint 7 unit testing
## 0.6.8
### Patch
- Security updates
- Removed eslint 5 testing
- Security updates
- Removed eslint 5 testing
## 0.6.5
### Patch
- Security updates
- Security updates
## 0.6.4
### Minor
- Added support for scanning JSON documents
- Added support for scanning JSON documents
## 0.5.4
### Minor
- Added support for two new options
- `additionalDelimiters`: In addition to splitting the string by whitespace, tokens will be further split by these delimiters
- `ignoreCase`: Ignores character case when calculating entropy. This could lead to some false negatives
- Added support for two new options
- `additionalDelimiters`: In addition to splitting the string by whitespace, tokens will be further split by these delimiters
- `ignoreCase`: Ignores character case when calculating entropy. This could lead to some false negatives
## 0.3.4
### Patch
- Security updates
- Security updates
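Review bot: The newest section is still `## 1.0.1` although this compare ends at 1.0.2 (see the version bump in package.json); add a `## 1.0.2` entry stating what changed since the `1.0.1-eslint9` prerelease, otherwise consumers reading the changelog cannot tell why a new release exists. Also, the 0.9.1 line "support for eslint flag config" should read "flat config".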


package.json
{
"name": "eslint-plugin-no-secrets",
"version": "1.0.1-eslint9",
"version": "1.0.2",
"description": "An eslint rule that searches for potential secrets/keys in code",
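Review bot: The bump goes from the `1.0.1-eslint9` prerelease straight to `1.0.2`; if this is the release that adds ESLint 9 support, confirm that the `peerDependencies` range for `eslint` (not part of this hunk) was widened in the same change, since package managers that enforce peer ranges will otherwise reject installs alongside ESLint 9.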

@@ -5,0 +5,0 @@ "main": "index.js",

[![Build Status](https://travis-ci.org/nickdeis/eslint-plugin-no-secrets.svg)](https://travis-ci.org/nickdeis/eslint-plugin-no-secrets)
# eslint-plugin-no-secrets
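Review bot: The build badge still points at `travis-ci.org`, which stopped running builds in 2021 after the move to travis-ci.com; update the badge to wherever CI runs now or remove it, because a dead badge either renders broken or shows a stale status next to a security-oriented package.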

@@ -9,13 +8,17 @@

<!-- vscode-markdown-toc -->
* 1. [Usage](#Usage)
* 1.1. [Include JSON files](#IncludeJSONfiles)
* 2. [Config](#Config)
* 3. [When it's really not a secret](#Whenitsreallynotasecret)
* 3.1. [ Either disable it with a comment](#Eitherdisableitwithacomment)
* 3.2. [ use the `ignoreContent` to ignore certain content](#usetheignoreContenttoignorecertaincontent)
* 3.3. [ Use `ignoreIdentifiers` to ignore certain variable/property names](#UseignoreIdentifierstoignorecertainvariablepropertynames)
* 3.4. [ Use `additionalDelimiters` to further split up tokens](#UseadditionalDelimiterstofurthersplituptokens)
* 4. [Options](#Options)
* 5. [Acknowledgements](#Acknowledgements)
- 1. [Usage](#Usage)
- 1.1. [Flat config](#Flatconfig)
- 1.2. [eslintrc](#eslintrc)
- 1.3. [Include JSON files](#IncludeJSONfiles)
- 1.3.1. [Include JSON files with in "flat configs"](#IncludeJSONfileswithinflatconfigs)
- 2. [Config](#Config)
- 3. [When it's really not a secret](#Whenitsreallynotasecret)
- 3.1. [ Either disable it with a comment](#Eitherdisableitwithacomment)
- 3.2. [ use the `ignoreContent` to ignore certain content](#usetheignoreContenttoignorecertaincontent)
- 3.3. [ Use `ignoreIdentifiers` to ignore certain variable/property names](#UseignoreIdentifierstoignorecertainvariablepropertynames)
- 3.4. [ Use `additionalDelimiters` to further split up tokens](#UseadditionalDelimiterstofurthersplituptokens)
- 4. [Options](#Options)
- 5. [Acknowledgements](#Acknowledgements)
<!-- vscode-markdown-toc-config
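Review bot: The new 1.3.1 entry reads "Include JSON files with in "flat configs"", which should be "within" (or simply "in"); since this table of contents is generated by vscode-markdown-toc, fix the wording in the heading itself and regenerate so that the `#IncludeJSONfileswithinflatconfigs` anchor is updated consistently in both places.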

@@ -27,13 +30,36 @@ numbering=true

## 1. <a name='Usage'></a>Usage
## 1. <a name='Usage'></a>Usage
`npm i -D eslint-plugin-no-secrets`
*.eslintrc*
### 1.1. <a name='Flatconfig'></a>Flat config
_eslint.config.js_
```js
import noSecrets from "eslint-plugin-no-secrets";
export default [
{
files: ["**/*.js"],
plugins: {
"no-secrets": noSecrets,
},
rules: {
"no-secrets/no-secrets": "error",
},
},
];
```
### 1.2. <a name='eslintrc'></a>eslintrc
_.eslintrc_
```json
{
"plugins":["no-secrets"],
"rules":{
"no-secrets/no-secrets":"error"
}
"plugins": ["no-secrets"],
"rules": {
"no-secrets/no-secrets": "error"
}
}
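Review bot: The flat config example scopes the rule to `files: ["**/*.js"]`, so strings in `.ts`, `.jsx`, `.mjs`/`.cjs` or `.json` files are never checked; either widen the glob (e.g. `"**/*.{js,mjs,cjs,jsx,ts,tsx}"`) or say explicitly that the glob has to cover every file type where a secret could be committed. The eslintrc example just below has no such restriction and applies the rule to everything ESLint lints, so readers switching configs will silently lose coverage.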

@@ -44,3 +70,4 @@ ```

//Found a string with entropy 4.3 : "ZWVTjPQSdhwRgl204Hc51YCsritMIzn8B=/p9UyeX7xu6KkAGqfm3FJ+oObLDNEva"
const A_SECRET = "ZWVTjPQSdhwRgl204Hc51YCsritMIzn8B=/p9UyeX7xu6KkAGqfm3FJ+oObLDNEva";
const A_SECRET =
"ZWVTjPQSdhwRgl204Hc51YCsritMIzn8B=/p9UyeX7xu6KkAGqfm3FJ+oObLDNEva";
//Found a string that matches "AWS API Key" : "AKIAIUWUUQQN3GNUA88V"

@@ -50,3 +77,3 @@ const AWS_TOKEN = "AKIAIUWUUQQN3GNUA88V";

### 1.1. <a name='IncludeJSONfiles'></a>Include JSON files
### 1.3. <a name='IncludeJSONfiles'></a>Include JSON files

@@ -57,16 +84,34 @@ To include JSON files, install `eslint-plugin-jsonc`

Then in your `.eslint` configuration file, extend the jsonc base config
Then in your `.eslint` configuration file, extend the jsonc base config
```json
{
"extends": [
"plugin:jsonc/base"
]
"extends": ["plugin:jsonc/base"]
}
```
#### 1.3.1. <a name='IncludeJSONfileswithinflatconfigs'></a>Include JSON files with in "flat configs"
_eslint.config.js_
## 2. <a name='Config'></a>Config
```js
import noSecrets from "eslint-plugin-no-secrets";
import jsoncExtend from "eslint-plugin-jsonc";
export default [
...jsoncExtend.configs["flat/recommended-with-jsonc"],
{
languageOptions: { ecmaVersion: 6 },
plugins: {
"no-secrets": noSecret,
},
rules: {
"no-secrets/no-secrets": "error",
},
},
];
```
## 2. <a name='Config'></a>Config
Decrease the tolerance for entropy
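Review bot: `"no-secrets": noSecret,` in the new 1.3.1 example references an identifier that is never defined; the import binds `noSecrets`, so ESLint will throw a ReferenceError when it loads this `eslint.config.js`. Change it to `noSecrets`. The heading "Include JSON files with in "flat configs"" should also read "within".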

@@ -76,6 +121,6 @@

{
"plugins":["no-secrets"],
"rules":{
"no-secrets/no-secrets":["error",{"tolerance":3.2}]
}
"plugins": ["no-secrets"],
"rules": {
"no-secrets/no-secrets": ["error", { "tolerance": 3.2 }]
}
}

@@ -87,22 +132,27 @@ ```

```json
{
"plugins": ["no-secrets"],
"rules": {
"no-secrets/no-secrets": [
"error",
{ "additionalRegexes": { "Basic Auth": "Authorization: Basic [A-Za-z0-9+/=]*" } }
]
}
"plugins": ["no-secrets"],
"rules": {
"no-secrets/no-secrets": [
"error",
{
"additionalRegexes": {
"Basic Auth": "Authorization: Basic [A-Za-z0-9+/=]*"
}
}
]
}
}
```
## 3. <a name='Whenitsreallynotasecret'></a>When it's really not a secret
### 3.1. <a name='Eitherdisableitwithacomment'></a> Either disable it with a comment
## 3. <a name='Whenitsreallynotasecret'></a>When it's really not a secret
### 3.1. <a name='Eitherdisableitwithacomment'></a> Either disable it with a comment
```javascript
// Set of potential base64 characters
// eslint-disable-next-line no-secrets/no-secrets
const BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
const BASE64_CHARS =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
```
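Review bot: After the reflow in section 3.1 the `// eslint-disable-next-line no-secrets/no-secrets` comment now precedes `const BASE64_CHARS =`, while the high-entropy literal sits on the following line; `eslint-disable-next-line` only suppresses reports on the very next line, so if the rule reports at the string literal's location this example no longer silences anything. Keep the literal on the same line as the comment or use a `/* eslint-disable no-secrets/no-secrets */` / `/* eslint-enable no-secrets/no-secrets */` pair around the declaration. Separately, the `Basic Auth` pattern ends in `[A-Za-z0-9+/=]*`, so it also matches the bare prefix `Authorization: Basic ` with no credential at all; `+` is the quantifier the example intends.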

@@ -112,25 +162,28 @@

### 3.2. <a name='usetheignoreContenttoignorecertaincontent'></a> use the `ignoreContent` to ignore certain content
### 3.2. <a name='usetheignoreContenttoignorecertaincontent'></a> use the `ignoreContent` to ignore certain content
```json
{
"plugins":["no-secrets"],
"rules":{
"no-secrets/no-secrets":["error",{"ignoreContent":"^ABCD"}]
}
"plugins": ["no-secrets"],
"rules": {
"no-secrets/no-secrets": ["error", { "ignoreContent": "^ABCD" }]
}
}
```
### 3.3. <a name='UseignoreIdentifierstoignorecertainvariablepropertynames'></a> Use `ignoreIdentifiers` to ignore certain variable/property names
### 3.3. <a name='UseignoreIdentifierstoignorecertainvariablepropertynames'></a> Use `ignoreIdentifiers` to ignore certain variable/property names
```json
{
"plugins":["no-secrets"],
"rules":{
"no-secrets/no-secrets":["error",{"ignoreIdentifiers":["BASE64_CHARS"]}]
}
"plugins": ["no-secrets"],
"rules": {
"no-secrets/no-secrets": [
"error",
{ "ignoreIdentifiers": ["BASE64_CHARS"] }
]
}
}
```
### 3.4. <a name='UseadditionalDelimiterstofurthersplituptokens'></a> Use `additionalDelimiters` to further split up tokens
### 3.4. <a name='UseadditionalDelimiterstofurthersplituptokens'></a> Use `additionalDelimiters` to further split up tokens
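Review bot: `"ignoreContent": "^ABCD"` is a very broad example: per the Options table, ignoreContent suppresses the entire string and takes precedence over both the default patterns and `additionalRegexes`, so any real key that happens to begin with `ABCD` would be skipped as well. Prefer a pattern anchored to the whole known constant (with regex metacharacters escaped), or point readers to `ignoreIdentifiers` in 3.3 as the narrower option.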

@@ -143,26 +196,26 @@ Tokens will always be split up by whitespace within a string. However, sometimes words that are delimited by something else (e.g. dashes, periods, camelcase words). You can use `additionalDelimiters` to handle these cases.

{
"plugins":["no-secrets"],
"rules":{
"no-secrets/no-secrets":["error",{"additionalDelimiters":[".","(?=[A-Z][a-z])"]}]
}
"plugins": ["no-secrets"],
"rules": {
"no-secrets/no-secrets": [
"error",
{ "additionalDelimiters": [".", "(?=[A-Z][a-z])"] }
]
}
}
```
## 4. <a name='Options'></a>Options
## 4. <a name='Options'></a>Options
| Option | Description | Default | Type |
| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | ------------------------------------------- |
| tolerance | Minimum "randomness"/entropy allowed. Only strings **above** this threshold will be shown. | `4` | `number` |
| additionalRegexes | Object of additional patterns to check. Key is check name and value is corresponding pattern | `{}` | {\[regexCheckName:string]:string \| RegExp} |
| ignoreContent | Will ignore the _entire_ string if matched. Expects either a pattern or an array of patterns. This option takes precedent over `additionalRegexes` and the default regular expressions | `[]` | string \| RegExp \| (string\|RegExp)[] |
| ignoreModules | Ignores strings that are an argument in `import()` and `require()` or is the path in an `import` statement. | `true` | `boolean` |
| ignoreIdentifiers | Ignores the values of properties and variables that match a pattern or an array of patterns. | `[]` | string \| RegExp \| (string\|RegExp)[] |
| ignoreCase | Ignores character case when calculating entropy. This could lead to some false negatives | `false` | `boolean` |
| additionalDelimiters | In addition to splitting the string by whitespace, tokens will be further split by these delimiters | `[]` | (string\|RegExp)[] |
|Option|Description|Default|Type|
|------|-----------|----------------|----|
|tolerance|Minimum "randomness"/entropy allowed. Only strings **above** this threshold will be shown. |`4`|`number`|
|additionalRegexes|Object of additional patterns to check. Key is check name and value is corresponding pattern |`{}`|{\[regexCheckName:string]:string \| RegExp}|
|ignoreContent|Will ignore the *entire* string if matched. Expects either a pattern or an array of patterns. This option takes precedent over `additionalRegexes` and the default regular expressions|`[]`|string \| RegExp \| (string\|RegExp)[]|
|ignoreModules|Ignores strings that are an argument in `import()` and `require()` or is the path in an `import` statement.|`true`|`boolean`|
|ignoreIdentifiers|Ignores the values of properties and variables that match a pattern or an array of patterns. |`[]`|string \| RegExp \| (string\|RegExp)[]|
|ignoreCase|Ignores character case when calculating entropy. This could lead to some false negatives|`false`|`boolean`|
|additionalDelimiters|In addition to splitting the string by whitespace, tokens will be further split by these delimiters|`[]`|(string\|RegExp)[]|
## 5. <a name='Acknowledgements'></a>Acknowledgements
## 5. <a name='Acknowledgements'></a>Acknowledgements
Huge thanks to [truffleHog](https://github.com/dxa4481/truffleHog) for the inspiration, the regexes, and the measure of entropy.
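Review bot: In the additionalDelimiters example both `"."` and `"(?=[A-Z][a-z])"` are plain strings, but the second only makes sense if strings are compiled as regular expressions, and in that case `"."` matches every character and would split each token into single letters instead of on periods, which defeats the entropy check. The table lists the type as `(string|RegExp)[]` without saying how a string is interpreted; state it explicitly (and show `"\\."` if strings are treated as regexes). Also, "takes precedent over" in the ignoreContent row should be "takes precedence over".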