{"id":18397789,"url":"https://github.com/secretlint/webextension","last_synced_at":"2025-09-10T02:43:16.270Z","repository":{"id":39707023,"uuid":"394347822","full_name":"secretlint/webextension","owner":"secretlint","description":"Detect secrets in your request/response using secretlint.","archived":false,"fork":false,"pushed_at":"2025-09-07T23:57:42.000Z","size":521,"stargazers_count":54,"open_issues_count":10,"forks_count":2,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-09-08T01:21:27.207Z","etag":null,"topics":["credentials","secretlint","secrets","security","webextension"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secretlint.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"azu"}},"created_at":"2021-08-09T15:39:23.000Z","updated_at":"2025-08-15T07:04:22.000Z","dependencies_parsed_at":"2023-09-23T09:09:37.768Z","dependency_job_id":"872037a1-edd2-4102-b756-0afcecb767d9","html_url":"https://github.com/secretlint/webextension","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/secretlint/webextension","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretlint%2Fwebextension","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretlint%2Fwebextension/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositor
ies/secretlint%2Fwebextension/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretlint%2Fwebextension/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secretlint","download_url":"https://codeload.github.com/secretlint/webextension/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secretlint%2Fwebextension/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274402665,"owners_count":25278347,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-10T02:00:12.551Z","response_time":83,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["credentials","secretlint","secrets","security","webextension"],"created_at":"2024-11-06T02:18:40.287Z","updated_at":"2025-09-10T02:43:16.243Z","avatar_url":"https://github.com/secretlint.png","language":"TypeScript","funding_links":["https://github.com/sponsors/azu"],"categories":["TypeScript"],"sub_categories":[],"readme":"# Secretlint WebExtension\n\n[Secretlint](https://github.com/secretlint/secretlint) finds credentials that are included in your request/response.\n\n- Firefox: \u003chttps://addons.mozilla.org/ja/firefox/addon/secretlint/\u003e\n- Chrome: \u003chttps://chrome.google.com/webstore/detail/secretlint/hidpojbnemkajlnibhmeilpgoddkjjkf\u003e\n- Install from Source: See [Development](#Development) 
section\n\nThis Web Extension integrates [secretlint](https://github.com/secretlint/secretlint) with the browser's devTools.\n\n![screenshot](docs/screenshot.png)\n\n:memo: If you want to run secretlint as a command-line tool, please see [secretlint/secretlint](https://github.com/secretlint/secretlint).\n\n## Features\n\n- Check that request/response includes credentials\n- DevTools integration\n    - Output found credentials to \"Console\" panel (option)\n    - Output found credentials to \"Secretlint\" panel\n\n## Permissions\n\nThis extension requires the following permissions:\n\n- `\"\u003call_urls\u003e\"`\n    - It is used for extending devTools and \"Console Integration\"\n    - [devtools API](https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/Extending_the_developer_tools) requires this permission\n    - \"Console Integration\" uses [content_scripts](https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_scripts). Content Scripts require this permission\n    - Related issue: [Reduce to use content scripts · Issue #5](https://github.com/secretlint/webextension/issues/5)\n- `\"webNavigation\"`\n    - It is used for clearing lint messages when you move between pages\n- `\"storage\"`\n    - It is used for [user config](#Config)\n\n`permissions` is defined in [manifest.json](./app/manifest.json).\n\n📝 Other Notes\n\n**In Memory Process**\n\nThis extension is written in JavaScript and does not send your request/response to another server.\nAll processing is done in memory.\n\n**Scan timing**\n\nThis extension only scans for secrets while the developer tools are open.\nThis limitation comes from the [devtools API](https://developer.mozilla.org/ja/docs/Mozilla/Add-ons/WebExtensions/Extending_the_developer_tools).\n\nIf you close the devTools, this extension does not scan any request/response.\n\n## Motivation\n\nEveryone makes mistakes.\n\nA developer sometimes exposes their own credentials, like an OAuth token, in a website 
accidentally.\n\n[secretlint](https://github.com/secretlint/secretlint) can find credentials in files.\nHowever, the exposed credentials come from environment variables or a database, so they are not embedded in a file.\n\nWe want to find these exposed credentials.\n\nSecurity researchers use proxy software like [Burp Suite](https://portswigger.net/burp), but web developers use DevTools instead.\n\nSecretlint WebExtension integrates with DevTools in Chrome/Firefox.\nThis extension helps web developers notice exposed credentials.\n\n## Install\n\n- Firefox: \u003chttps://addons.mozilla.org/ja/firefox/addon/secretlint/\u003e\n- Chrome: \u003chttps://chrome.google.com/webstore/detail/secretlint/hidpojbnemkajlnibhmeilpgoddkjjkf\u003e\n\n## Usage\n\n1. Open browser's Developer Tools\n2. ✅ Disable Cache\n3. Reload the page and secretlint reports the credentials found in your request/response.\n\nYou can check the behavior using the demo site:\n\n- Demo: \u003chttps://secretlint-webextension-demo.netlify.app/\u003e\n\n## Built-in rules\n\nThis Web Extension uses [@secretlint/secretlint-rule-preset-recommend](https://github.com/secretlint/secretlint/tree/master/packages/@secretlint/secretlint-rule-preset-recommend/) and built-in disallow patterns.\n\n## Config\n\nYou can configure the options of the secretlint extension.\n\n- Click the \"Secretlint\" icon in the menu\n- Or, see this extension's \"Settings\" page\n\n### Allow Patterns\n\nAllow patterns is an array of strings or [RegExp-like String](https://github.com/textlint/regexp-string-matcher#regexp-like-string) (/pattern/).\n\nIf you define the following patterns, secretlint does not report anything that matches them.\n\n```ts\n[\n    \"/NON_SECRETS/i\",\n    \"1.1.1.1\",\n    \"AKIAIOSFODNN7SECRETS\",\n]\n```\n\nDefault patterns are defined in [rule.allows.ts](app/scripts/secretlint/rule.allows.ts).\n\n:memo: Prefer Allow patterns over Disallow patterns.\n\n### Disallow Patterns\n\nYou can add patterns to find your secrets. 
\n\nThese patterns are based on [@secretlint/secretlint-rule-pattern](https://github.com/secretlint/secretlint/tree/master/packages/%40secretlint/secretlint-rule-pattern).\nEach pattern should have the following properties. If the pattern matches, it is reported as an error.\n\n- name: pattern name\n- pattern: string or [RegExp-like String](https://github.com/textlint/regexp-string-matcher#regexp-like-string) (/pattern/)\n\nDefault patterns are defined in [rule.patterns.ts](app/scripts/secretlint/rule.patterns.ts).\n\n## Development\n\nBuild this extension from source code:\n\n    # Require Node.js and Yarn\n    yarn install\n    # Chrome\n    yarn dev chrome\n    # Firefox\n    yarn dev firefox\n\nLoad the built extension:\n\n- Firefox: open `about:debugging#/runtime/this-firefox` → Load from local\n- Chrome: open `chrome://extensions/` → Load from local\n\n## Changelog\n\nSee [Releases page](https://github.com/secretlint/webextension/releases).\n\n## Running tests\n\nInstall devDependencies and run `npm test`:\n\n    npm test\n\n## Contributing\n\nPull requests and stars are always welcome.\n\nFor bugs and feature requests, [please create an issue](https://github.com/secretlint/webextension/issues).\n\n1. Fork it!\n2. Create your feature branch: `git checkout -b my-new-feature`\n3. Commit your changes: `git commit -am 'Add some feature'`\n4. Push to the branch: `git push origin my-new-feature`\n5. Submit a pull request :D\n\n## Author\n\n- azu: [GitHub](https://github.com/azu), [Twitter](https://twitter.com/azu_re)\n\n## License\n\nMIT © azu\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecretlint%2Fwebextension","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecretlint%2Fwebextension","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecretlint%2Fwebextension/lists"}