1.0.0 • Published 3 years ago
i-can-haz-ur-secrets v1.0.0
i-can-haz-ur-secrets
Node.js package to catch insecure invocations of 'npm ci', when a malicious script has a chance to steal your secret environment variables
The package provides preinstall, install, and postinstall scripts, which scan your environment variables for some common patterns; if a suspicious variable is found, the script aborts with exit code 1.
The idea behind the package is to enforce the correct usage of npm ci, so that malicious scripts cannot steal your GITHUB_TOKEN or NODE_AUTH_TOKEN.
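A sketch of the kind of check described above, as an added example that is not the package's own code. The name and value patterns are assumptions (the page names only GITHUB_TOKEN and NODE_AUTH_TOKEN), and findExposedSecrets, lifecycleExitCode and the sample environment are hypothetical.

```javascript
// Added example: the patterns are assumptions, not the package's actual list.
// Variable names that commonly hold credentials in CI (first two are from the page).
const SUSPICIOUS_NAMES = [
  /^GITHUB_TOKEN$/,
  /^NODE_AUTH_TOKEN$/,
  /^NPM_TOKEN$/,
  /(^|_)(SECRET|PASSWORD|API_KEY|ACCESS_KEY)(_|$)/i,
];
// Value shapes that look like credentials whatever the variable is called.
const SUSPICIOUS_VALUES = [
  /^gh[pousr]_[A-Za-z0-9]{20,}$/, // GitHub token prefixes (ghp_, ghs_, ...)
  /^npm_[A-Za-z0-9]{20,}$/,       // npm access tokens
];

// Returns the sorted names of variables that look like secrets.
// Only names are returned, so findings can be logged without leaking values.
function findExposedSecrets(env) {
  const hits = [];
  for (const [name, value] of Object.entries(env)) {
    if (!value) continue; // unset or empty: nothing to steal
    const byName = SUSPICIOUS_NAMES.some((re) => re.test(name));
    const byValue = SUSPICIOUS_VALUES.some((re) => re.test(value));
    if (byName || byValue) hits.push(name);
  }
  return hits.sort();
}

// Exit code a lifecycle script would use: 1 if any secret is visible, else 0.
function lifecycleExitCode(env) {
  const exposed = findExposedSecrets(env);
  for (const name of exposed) {
    console.error(`secret visible to install scripts: ${name}`);
  }
  return exposed.length > 0 ? 1 : 0;
}

// Constructed sample environment (not real credentials).
const CONSTRUCTED_CI_ENV = {
  PATH: "/usr/bin",
  GITHUB_TOKEN: "constructed-placeholder",
  NODE_AUTH_TOKEN: "",
  DEPLOY: "ghp_" + "a".repeat(36),
};

// Run the check only when npm invokes this file as an install lifecycle script.
const INSTALL_EVENTS = ["preinstall", "install", "postinstall"];
if (INSTALL_EVENTS.includes(process.env.npm_lifecycle_event)) {
  process.exit(lifecycleExitCode(process.env));
}
```

npm sets npm_lifecycle_event while it runs a lifecycle script, so the guard keeps the file inert when it is loaded any other way.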
1.0.0 • 3 years ago
0.0.1-security • 3 years ago