{"id":13826318,"url":"https://github.com/lirantal/detect-secrets","last_synced_at":"2025-04-14T03:24:34.795Z","repository":{"id":34877007,"uuid":"194941746","full_name":"lirantal/detect-secrets","owner":"lirantal","description":"A developer-friendly secrets detection tool for CI and pre-commit hooks based on Yelp's detect-secrets","archived":false,"fork":false,"pushed_at":"2022-04-07T18:23:58.000Z","size":1335,"stargazers_count":50,"open_issues_count":6,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-08T20:48:18.077Z","etag":null,"topics":["detect-secrets","git-hooks","git-secrets","pre-commit","secrets","yelp"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lirantal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-07-02T22:14:18.000Z","updated_at":"2025-01-24T22:40:06.000Z","dependencies_parsed_at":"2022-08-08T02:15:25.639Z","dependency_job_id":null,"html_url":"https://github.com/lirantal/detect-secrets","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lirantal%2Fdetect-secrets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lirantal%2Fdetect-secrets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lirantal%2Fdetect-secrets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lirantal%2Fdetect-secrets/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/Gi
tHub/owners/lirantal","download_url":"https://codeload.github.com/lirantal/detect-secrets/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248814442,"owners_count":21165768,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["detect-secrets","git-hooks","git-secrets","pre-commit","secrets","yelp"],"created_at":"2024-08-04T09:01:35.587Z","updated_at":"2025-04-14T03:24:34.777Z","avatar_url":"https://github.com/lirantal.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\u003ch1 align=\"center\"\u003e\n  detect-secrets\n\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  A developer-friendly secrets detection tool for CI and pre-commit hooks\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.npmjs.org/package/detect-secrets\"\u003e\u003cimg src=\"https://badgen.net/npm/v/detect-secrets\" alt=\"npm version\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.npmjs.org/package/detect-secrets\"\u003e\u003cimg src=\"https://badgen.net/npm/license/detect-secrets\" alt=\"license\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.npmjs.org/package/detect-secrets\"\u003e\u003cimg src=\"https://badgen.net/npm/dt/detect-secrets\" alt=\"downloads\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://travis-ci.org/lirantal/detect-secrets\"\u003e\u003cimg src=\"https://badgen.net/travis/lirantal/detect-secrets\" alt=\"build\"/\u003e\u003c/a\u003e\n  \u003ca 
href=\"https://codecov.io/gh/lirantal/detect-secrets\"\u003e\u003cimg src=\"https://badgen.net/codecov/c/github/lirantal/detect-secrets\" alt=\"codecov\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://snyk.io/test/github/lirantal/detect-secrets\"\u003e\u003cimg src=\"https://snyk.io/test/github/lirantal/detect-secrets/badge.svg\" alt=\"Known Vulnerabilities\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md\"\u003e\u003cimg src=\"https://img.shields.io/badge/Security-Responsible%20Disclosure-yellow.svg\" alt=\"Security Responsible Disclosure\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n# About\n\nThe `detect-secrets` npm package is a Node.js-based wrapper for Yelp's [detect-secrets](https://github.com/Yelp/detect-secrets) tool that aims to provide an accessible and developer-friendly method of introducing secrets detection in pre-commit hooks.\n\nYelp's detect-secrets is based on Python and requires explicit installation from developers. Moreover, its installation may be challenging in different operating systems. `detect-secrets` aims to alleviate this challenge with the following fallback strategy:\n\n1. Attempt to locate Yelp's detect-secrets tool and, if it exists in the path, execute it.\n\nIf that fails, it continues to:\n\n2. Attempt to locate the docker binary and, if it exists, download and execute the docker container for [lirantal/detect-secrets](https://github.com/lirantal/docker-detect-secrets), which has Yelp's detect-secrets inside the image.\n\nIf this fails as well:\n\n3. 
Exit with a warning message.\n\n--\n\nThe fallback strategy described above is used to find an available method of executing the detect-secrets tool to protect the developer from leaking secrets into source code control.\n\n# Install\n\n```bash\nnpm install --save detect-secrets\n```\n\nThis will expose the `detect-secrets-launcher` Node.js executable file.\n\nAnother way to invoke it is with npx, which downloads and executes the detect-secrets wrapper on the fly:\n\n```bash\nnpx detect-secrets [arguments]\n```\n\n# Usage\n\nIf you're using `husky` to manage pre-commit hooks configuration, then enabling secrets detection is as simple as adding another hook entry.\n\n```js\n\"husky\": {\n  \"hooks\": {\n    \"pre-commit\": \"detect-secrets-launcher src/*\"\n  }\n}\n```\n\nIf you're using `husky` and `lint-staged` to manage pre-commit hooks configuration and running static code analysis on staged files, then enabling secrets detection is as simple as adding another lint-staged entry.\n\nA typical setup looks like this:\n\n```js\n\"husky\": {\n  \"hooks\": {\n    \"pre-commit\": \"lint-staged\"\n  }\n},\n\"lint-staged\": {\n  \"linters\": {\n    \"**/*.js\": [\n      \"detect-secrets-launcher --baseline .secrets-baseline\"\n    ]\n  }\n}\n```\n\nIf you're not using a baseline file (it is created using Yelp's server-side detect-secrets tool), then you can simply omit the `--baseline` option and keep the command as simple as `detect-secrets-launcher`.\n\n# Example\n\nTo scan the `index.js` file within a repository for potentially leaked secrets, run the following:\n\n```bash\ndetect-secrets-launcher index.js\n```\n\nNote that `index.js` has to be staged and under version control. 
Any other plain file that is not known to git will not be scanned.\n\n# Contributing\n\nPlease consult [CONTRIBUTING](./CONTRIBUTING.md) for guidelines on contributing to this project.\n\n# Author\n\n**detect-secrets** © [Liran Tal](https://github.com/lirantal), Released under the [Apache-2.0](./LICENSE) License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flirantal%2Fdetect-secrets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flirantal%2Fdetect-secrets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flirantal%2Fdetect-secrets/lists"}