trufflehog-js

/** * Copyright (c) 2025 maloma7. All rights reserved. * SPDX-License-Identifier: MIT */ export enum ExitCode { SUCCESS = 0, // No secrets found - allow commit SECRETS_FOUND = 1, // Secrets detected - block commit ERROR = 2, // Tool error - block commit with warning } export interface ScanResult { detector: string; file: string; line: number; verified: boolean; secret: string; // redacted in output raw: string; // full TruffleHog output } export interface TruffleHogScanResult { SourceMetadata?: { Data?: { Filesystem?: { file?: string; }; }; }; SourceID?: number; SourceType?: number; SourceName?: string; DetectorType?: number; DetectorName?: string; DecoderName?: string; Verified?: boolean; Raw?: string; RawV2?: string; Redacted?: string; ExtraData?: Record<string, unknown>; StructuredData?: Record<string, unknown>; } export interface ScanOptions { staged?: boolean; quiet?: boolean; verbose?: boolean; config?: string; exclude?: string[]; timeout?: number; verify?: boolean; includeDetectors?: string[]; excludeDetectors?: string[]; includePaths?: string[]; excludePaths?: string[]; } export interface TruffleHogConfig { binaryPath?: string; timeout?: number; verify?: boolean; detectors?: { include?: string[]; exclude?: string[]; }; paths?: { include?: string[]; exclude?: string[]; }; } export type Platform = "linux" | "darwin" | "win32"; export interface PlatformInfo { platform: Platform; arch: string; binaryName: string; downloadUrl: string; checksum?: string; } export interface BinaryCacheInfo { version: string; platform: string; arch: string; path: string; checksum: string; downloadedAt: Date; verified: boolean; } export interface DownloadProgress { downloaded: number; total: number; percentage: number; } export type LogLevel = "debug" | "info" | "warn" | "error"; export interface Logger { debug(message: string, ...args: unknown[]): void; info(message: string, ...args: unknown[]): void; warn(message: string, ...args: unknown[]): void; error(message: string, ...args: unknown[]): void; } export interface GitStagedFile { path: string; status: "A" | "M" | "D" | "R" | "C" | "U" | "?"; } export interface TruffleHogCliArgs { command: "scan"; subcommand: "filesystem"; path: string; flags: string[]; } export const SUPPORTED_PLATFORMS: Record<string, PlatformInfo> = { "linux-x64": { platform: "linux", arch: "x64", binaryName: "trufflehog_3.90.8_linux_amd64.tar.gz", downloadUrl: "https://github.com/trufflesecurity/trufflehog/releases/download/v3.90.8/trufflehog_3.90.8_linux_amd64.tar.gz", }, "linux-arm64": { platform: "linux", arch: "arm64", binaryName: "trufflehog_3.90.8_linux_arm64.tar.gz", downloadUrl: "https://github.com/trufflesecurity/trufflehog/releases/download/v3.90.8/trufflehog_3.90.8_linux_arm64.tar.gz", }, "darwin-x64": { platform: "darwin", arch: "x64", binaryName: "trufflehog_3.90.8_darwin_amd64.tar.gz", downloadUrl: "https://github.com/trufflesecurity/trufflehog/releases/download/v3.90.8/trufflehog_3.90.8_darwin_amd64.tar.gz", }, "darwin-arm64": { platform: "darwin", arch: "arm64", binaryName: "trufflehog_3.90.8_darwin_arm64.tar.gz", downloadUrl: "https://github.com/trufflesecurity/trufflehog/releases/download/v3.90.8/trufflehog_3.90.8_darwin_arm64.tar.gz", }, "win32-x64": { platform: "win32", arch: "x64", binaryName: "trufflehog_3.90.8_windows_amd64.tar.gz", downloadUrl: "https://github.com/trufflesecurity/trufflehog/releases/download/v3.90.8/trufflehog_3.90.8_windows_amd64.tar.gz", }, }; export const TRUFFLEHOG_VERSION = "3.90.8"; export const CHECKSUMS_URL = "https://github.com/trufflesecurity/trufflehog/releases/download/v3.90.8/trufflehog_3.90.8_checksums.txt"; export const CHECKSUMS_SIGNATURE_URL = "https://github.com/trufflesecurity/trufflehog/releases/download/v3.90.8/trufflehog_3.90.8_checksums.txt.sig"; export const PUBLIC_KEY_URL = "https://github.com/trufflesecurity/trufflehog/releases/download/v3.90.8/trufflehog_3.90.8_checksums.txt.pem";