
secure-scan-js


A JavaScript implementation of Yelp's detect-secrets tool - no Python required

/** Options accepted when scanning a directory for secrets. */
export interface ScanOptions {
  /** Directory to scan (default: current directory). */
  directory?: string;

  /** Scan from project root. */
  root?: boolean;

  /**
   * File patterns to exclude.
   * Anything matched here is left out of the scan, so keep the patterns narrow.
   * NOTE(review): the pattern syntax (glob vs. regex) is not visible in this
   * declaration; confirm against the implementation.
   */
  excludeFiles?: string[];

  /**
   * Directory patterns to exclude.
   * The same coverage trade-off as `excludeFiles` applies.
   */
  excludeDirs?: string[];

  /**
   * Check for potentially missed secrets.
   * Presumably this is what fills `ScanResults.missed_secrets`; confirm.
   */
  checkMissed?: boolean;

  /** Include additional information. */
  verbose?: boolean;

  /**
   * Output file path.
   * NOTE(review): if the written report mirrors `ScanResults`, it holds secret
   * locations plus committer names and e-mail addresses; treat the file as
   * sensitive and keep it out of version control.
   */
  output?: string;

  /** Enable file size limits (default: false). */
  limitFileSize?: boolean;

  /**
   * Maximum file size to scan in bytes (default: 0, no limit).
   * When a limit is in force, check `ScanResults.truncated` before relying on
   * a clean result.
   */
  maxFileSize?: number;

  /** Scan git history (default: false). */
  scanGitHistory?: boolean;

  /**
   * Starting commit for git history scan.
   * NOTE(review): how this value reaches git is not visible here; callers
   * taking it from outside input should validate it as a revision first.
   */
  fromCommit?: string;

  /** Ending commit for git history scan (same validation note as `fromCommit`). */
  toCommit?: string;

  /** Enrich scan results with git blame information (default: true). */
  enrichWithGitInfo?: boolean;

  /** Git repository path for external scans. */
  gitRepoPath?: string;

  /** Whether to include node_modules in the scan (not recommended). */
  includeNodeModules?: boolean;
}

/** Details of one secret returned from scanning. */
export interface Secret {
  /** File path where the secret was found. */
  file: string;

  /** Line number where the secret was found. */
  line: number;

  /** Secret types reported for this finding (e.g. 'AWS Access Key', 'API Key', etc.). */
  types: string[];

  /**
   * Whether this is likely a false positive.
   * "Likely" makes this a heuristic verdict; flagged findings are better
   * reviewed than dropped automatically.
   */
  is_false_positive: boolean;

  /**
   * A hash of the secret for reporting without exposing the value.
   * NOTE(review): the hash algorithm and any salting are not stated in this
   * declaration. A plain hash of a short or low-entropy secret can be guessed
   * offline, so do not treat this field as safe to publish until confirmed.
   */
  hashed_secret: string;

  // NOTE(review): the five git fields below are declared required although
  // `ScanOptions.enrichWithGitInfo` can turn enrichment off. What they contain
  // in that case is not visible here; confirm before relying on them.

  /** Git commit hash where the secret was found. */
  commit: string;

  /** Author who committed the secret. */
  author: string;

  /** Email of the author who committed the secret (personal data; handle reports accordingly). */
  email: string;

  /** Date when the secret was committed. */
  date: string;

  /** Commit message when the secret was added. */
  message: string;

  /** Detected by which scanner. */
  detectedBy: string;

  // Enhanced fields. Value ranges and units are not given in this declaration.

  /** Entropy reported for the finding. */
  entropy?: number;

  /** Confidence reported for the finding. */
  confidence?: number;

  /** Severity label assigned to the finding. */
  severity?: "low" | "medium" | "high" | "critical";
}

/** A potentially missed secret. */
export interface MissedSecret {
  /** File path where the secret was found. */
  file: string;

  /** Line number where the secret was found. */
  line: number;

  /** Type of secret. */
  type: string;
}

/** Results from a secret scan. */
export interface ScanResults {
  /** List of secrets found. */
  secrets: Secret[];

  /** List of potentially missed secrets. */
  missed_secrets: MissedSecret[];

  /**
   * Whether any files were truncated due to size.
   * When true, an empty `secrets` list does not show that the truncated files
   * are clean; presumably the content past the limit was not examined.
   */
  truncated?: boolean;
}