UNPKG

secretshield

Version:

šŸ›”ļø SecretShield is a CLI tool that detects API keys and sensitive credentials before you commit code.

35 lines (28 loc) ā€¢ 1.05 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#!/usr/bin/env node const { execSync } = require('child_process'); const scanFilesForSecrets = require('../scripts/scan'); const chalk = require('chalk'); console.log("āœ… SecretShield CLI is working!"); console.log('šŸ” SecretShield scanning staged files...'); let files = []; try { files = execSync('git diff --cached --name-only', { encoding: 'utf-8' }) .split('\n') .filter(f => f.trim().length > 0); } catch (err) { console.error(chalk.red("āš ļø Failed to scan files. Make sure Git is initialized and you have staged files.")); process.exit(1); } if (files.length === 0) { console.log(chalk.yellow("āš ļø No staged files to scan.")); process.exit(0); } const path = require('path'); const absolutePaths = files.map(file => path.resolve(process.cwd(), file)); const secretsFound = scanFilesForSecrets(absolutePaths); if (secretsFound) { console.log('\nšŸ›‘ Commit blocked: Secrets detected!'); process.exit(1); } else { console.log('āœ… No secrets found. You are good to commit.'); }