# eslint-plugin-no-secrets

An ESLint plugin with a rule that searches for potential secrets/keys in code: strings that match known token formats or that have unusually high entropy.
## Usage

Install the plugin:

```bash
npm i -D eslint-plugin-no-secrets
```

Then register it and enable the rule in your `.eslintrc`:

```json
{
  "plugins": ["no-secrets"],
  "rules": {
    "no-secrets/no-secrets": "error"
  }
}
```
### Decrease the tolerance for entropy

`tolerance` is the maximum entropy a string may have before it is reported (default `4`). Lowering it makes the rule stricter: more strings are flagged, including more strings that are not secrets, so tune it against your own codebase.

```json
{
  "plugins": ["no-secrets"],
  "rules": {
    "no-secrets/no-secrets": ["error", { "tolerance": 3.2 }]
  }
}
```
### Add additional patterns to check for certain token formats

`additionalRegexes` maps a check name to a pattern. Each pattern is given as a string and compiled as a regular expression, so backslashes have to be escaped in JSON (`"\\d"` for `\d`). Standard patterns can be found here.

```json
{
  "plugins": ["no-secrets"],
  "rules": {
    "no-secrets/no-secrets": [
      "error",
      { "additionalRegexes": { "Basic Auth": "Authorization: Basic [A-Za-z0-9+/=]*" } }
    ]
  }
}
```
### When it's really not a secret

Disable the rule for that one line with an ESLint directive comment:

```js
// eslint-disable-next-line no-secrets/no-secrets
const BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
```

This tells future maintainers of the codebase that this suspicious string isn't an oversight. Prefer the line-level directive over disabling the rule for a whole file or project, so that a real secret added later is still reported.
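To see why the `BASE64_CHARS` table above trips the rule while a repetitive hex string does not, and how `tolerance` and `additionalRegexes` interact, here is an added example that re-implements the truffleHog-style Shannon entropy measure the plugin acknowledges. It is not the plugin's own source. The whitespace splitting, the 20-character minimum run length, the `scanLiteral` helper and the sample literals are assumptions of this example, not documented behaviour of the plugin.

```javascript
// Added example, not the plugin's source: a minimal re-implementation of the
// truffleHog-style checks so you can see why a literal trips (or survives) a
// given `tolerance`. Assumptions of this example: literals are split on
// whitespace and only runs of at least 20 base64/hex characters are measured.

const BASE64_CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
const HEX_CHARSET = "1234567890abcdefABCDEF";
const MIN_RUN_LENGTH = 20; // truffleHog's threshold; assumed here

// Shannon entropy in bits per character, counting only characters from
// `charset`. A single repeated character scores 0; n equally frequent
// distinct characters score log2(n), so the 65-character base64 table
// above scores about 6.02 and lands well over the default tolerance of 4.
function shannonEntropy(data, charset) {
  if (!data) return 0;
  let entropy = 0;
  for (const ch of new Set(charset)) {
    const occurrences = data.split(ch).length - 1;
    const p = occurrences / data.length;
    if (p > 0) entropy -= p * Math.log2(p);
  }
  return entropy;
}

// Maximal runs of characters drawn from `charset`, keeping only runs long
// enough to be worth measuring (short runs carry too little data).
function runsOfCharset(word, charset) {
  const runs = [];
  let current = "";
  for (const ch of word) {
    if (charset.includes(ch)) {
      current += ch;
    } else {
      if (current.length >= MIN_RUN_LENGTH) runs.push(current);
      current = "";
    }
  }
  if (current.length >= MIN_RUN_LENGTH) runs.push(current);
  return runs;
}

// Run the entropy check and the additional regexes over one string literal.
// Returns one finding per reason the literal would be reported.
function scanLiteral(literal, { tolerance = 4, additionalRegexes = {} } = {}) {
  const findings = [];
  for (const word of literal.split(/\s+/)) {
    for (const [name, charset] of [["base64", BASE64_CHARSET], ["hex", HEX_CHARSET]]) {
      for (const run of runsOfCharset(word, charset)) {
        const entropy = shannonEntropy(run, charset);
        if (entropy > tolerance) {
          findings.push({ kind: "entropy", charset: name, value: run, entropy });
        }
      }
    }
  }
  for (const [name, pattern] of Object.entries(additionalRegexes)) {
    if (new RegExp(pattern).test(literal)) {
      findings.push({ kind: "regex", name, value: literal });
    }
  }
  return findings;
}

// Constructed sample literals; none is a real credential.
const SAMPLES = {
  charsetTable: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
  repeatedHex: "deadbeefdeadbeefdeadbeef",
  basicAuth: "Authorization: Basic dXNlcjpwYXNzd29yZA==", // base64 of "user:password"
};
const BASIC_AUTH_REGEXES = { "Basic Auth": "Authorization: Basic [A-Za-z0-9+/=]*" };

for (const [label, literal] of Object.entries(SAMPLES)) {
  console.log(label, "tolerance 4:", scanLiteral(literal, { additionalRegexes: BASIC_AUTH_REGEXES }));
  console.log(label, "tolerance 3.2:", scanLiteral(literal, { tolerance: 3.2, additionalRegexes: BASIC_AUTH_REGEXES }));
}
```

The `basicAuth` sample is the instructive one: the 20-character base64 token scores about 3.92 bits per character, so at the default tolerance only the `Basic Auth` regex catches it, while at `3.2` the entropy check fires as well. Token formats with low entropy but a recognisable shape are exactly what `additionalRegexes` is for.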
## Options

| Option | Description | Default | Type |
|---|---|---|---|
| `tolerance` | Maximum "randomness"/entropy allowed | `4` | `number` |
| `additionalRegexes` | Object of additional patterns to check. Key is the check name and value is the corresponding pattern | `{}` | `{[regexCheckName:string]:string}` |
## Acknowledgements

Huge thanks to truffleHog for the inspiration, the regexes, and the measure of entropy.