
Security News
Open Source Maintainers Demand Ability to Block Copilot-Generated Issues and PRs
Open source maintainers are urging GitHub to let them block Copilot from submitting AI-generated issues and pull requests to their repositories.
hide-secrets
Advanced tools
for when you want to log objects, but hide certain restricted fields, e.g., passwords.
var hide = require('hide-secrets')
var obj = {
innerObject: {
password: 'abc123',
email: 'ben@npmjs.com',
token: 'my-secret-token'
},
auth: '' // empty strings are left empty.
}
console.log(hide(obj))
outputs
{
innerObject: {
password: '[SECRET]',
email: 'ben@npmjs.com',
token: '[SECRET]'
},
auth: ''
}
Currently the following fields are obfuscated by default:
password
, pass
, token
, auth
, secret
, passphrase
.
If you want to override this list of obfuscated terms, simply:
create your own list of terms:
const badWords = [
'super-secret-1', 'double-secret-probation'
]
pass this as configuration to hide-secrets:
console.log(hide(obj, {badWords}))
Any keys within obj that are contained within the badWords
array will be hidden.
ISC
FAQs
for when you want to log objects, but hide certain restricted fields, e.g., passwords.
The npm package hide-secrets receives a total of 1,229 weekly downloads. As such, hide-secrets popularity was classified as popular.
We found that hide-secrets demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Open source maintainers are urging GitHub to let them block Copilot from submitting AI-generated issues and pull requests to their repositories.
Research
Security News
Malicious Koishi plugin silently exfiltrates messages with hex strings to a hardcoded QQ account, exposing secrets in chatbots across platforms.
Research
Security News
Malicious PyPI checkers validate stolen emails against TikTok and Instagram APIs, enabling targeted account attacks and dark web credential sales.