1.3.0 • Published 4 months ago

secret-scanner-cli v1.3.0

License
MIT

Secret Scanner CLI

📌 Overview

Secret Scanner is a CLI tool that helps developers detect and prevent accidental exposure of sensitive information such as API keys, passwords, database URLs, and more before committing code.

🚀 Installation

You can install Secret Scanner globally using npm:

npm install -g secret-scanner-cli

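Or, you can run it without installing by passing the package name to npx (without a prior install, npx resolves its argument as a package name, so the name must be secret-scanner-cli):

npx secret-scanner-cli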

🛠 Usage

To scan for secrets in your repository, run:

npx secret-scanner-cli

If installed globally, you can also use:

secret-scan

If secrets are detected, the commit will be blocked, and details of the exposed secrets will be displayed.

🎯 Features

  • Detects common secrets including:
    • API Keys (AWS, Google, Stripe, etc.)
    • Passwords and Database URLs
    • JSON Web Tokens (JWTs)
    • OAuth and Slack Tokens
    • SSH Private Keys
    • Credit Card Numbers
    • Basic Auth Credentials
  • Integrates with Git hooks to prevent secret leaks
  • Supports customization for additional secret patterns

🔧 Configuration

You can define custom patterns by modifying the patterns object in index.js. Example:

const patterns = {
  customSecret: /my-custom-pattern/gi,
};
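An added example, not code from secret-scanner-cli, showing how a patterns object of this shape with one custom rule can be applied to file content, and how reusing `/g` patterns with `test()` produces a false negative. The rule names, the regexes, the `acme_` token format and the helper functions are assumptions made for illustration.

```javascript
// Added example, not secret-scanner-cli's code. Rule names and regexes are assumptions.
const patterns = {
  awsAccessKeyId: /\bAKIA[0-9A-Z]{16}\b/g,
  basicAuthUrl: /\b[a-z][a-z0-9+.-]*:\/\/[^\s:\/@]+:[^\s:\/@]+@[^\s\/"']+/gi,
  // Hypothetical in-house token format: "acme_" followed by 32 hex characters.
  customSecret: /\bacme_[0-9a-f]{32}\b/gi,
};

// Keep a 4-character prefix of longer values so the report does not repeat the secret.
function mask(value) {
  const keep = value.length > 8 ? 4 : 0;
  return value.slice(0, keep) + '*'.repeat(value.length - keep);
}

// Scan line by line. A fresh RegExp per line starts at lastIndex 0, and forcing
// the g flag lets matchAll report every occurrence on the line.
function scanText(text, rules = patterns) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const [rule, re] of Object.entries(rules)) {
      const flags = re.flags.includes('g') ? re.flags : re.flags + 'g';
      for (const m of line.matchAll(new RegExp(re.source, flags))) {
        findings.push({ rule, line: i + 1, match: mask(m[0]) });
      }
    }
  });
  return findings;
}

// Pitfall: test() on a shared /g regex resumes from the lastIndex left by the
// previous hit, so a secret on the very next line can be skipped.
function naiveScanLines(text, rules = patterns) {
  const hits = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const re of Object.values(rules)) if (re.test(line)) hits.push(i + 1);
  });
  return hits;
}

// Constructed sample input; none of these values are real credentials.
const sample = [
  'const region = "us-east-1";',
  'const key = "AKIAABCDEFGHIJKLMNOP";',
  'const db = "postgres://app:s3cr3t@db.internal:5432/app";',
  'const t1 = "acme_0123456789abcdef0123456789abcdef";',
  'const t2 = "ACME_0123456789ABCDEF0123456789ABCDEF";',
].join('\n');

console.log(scanText(sample));
console.log('naive test() loop flags lines:', naiveScanLines(sample));
```

The naive loop reports lines 2, 3 and 4 but misses the token on line 5, while `scanText` reports all four.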

💡 Example Output

If secrets are detected, you'll see:

Secrets found in config.js:
- apiKey: 1234567890abcdef1234567890abcdef
- password: D1fficultP@ssw0rd

Secrets detected. Commit blocked.

🏧 Development

Clone the repository and install dependencies:

git clone https://github.com/Arun96980/Secret_Scan_Working.git
cd Secret_Scan_Working
npm install

To test the scanner:

node index.js

🐝 Issues & Contributions

Feel free to open an issue or submit a pull request on GitHub.

🐜 License

MIT License

1.3.0

4 months ago

1.2.0

4 months ago

1.1.0

4 months ago

1.0.0

4 months ago