Bot releases are visible (Hide)
Published by github-actions[bot] over 2 years ago
Published by azu over 2 years ago
Full Changelog: https://github.com/secretlint/secretlint/compare/v5.0.0...v5.0.1
Published by azu over 2 years ago
Secretlint@5 require Node.js 14+
Please update secretlint
and @secretlint/secretlint-rule-preset-recommend
at same time.
Full Changelog: https://github.com/secretlint/secretlint/compare/v4.2.1...v5.0.0
Published by github-actions[bot] about 3 years ago
This release only update versions.
Previous release was blocked by npm incident
https://status.npmjs.org/incidents/wy4002vc8ryc
fix #208
Published by github-actions[bot] about 3 years ago
npm
prefix token #201 #200npm has a new access token format.
secretlint 4.1.0 has supported the new token format like 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
.
Published by github-actions[bot] about 3 years ago
Secretlint allow to load secretlint rule as ESM(ECMAScript modules).
You can write secretlint rule as ESM.
For more details, pleases see document.
secretlint-disable
directive #96 #195@secretlint/secretlint-rule-filter-comments support disable comment like secretlint-disable
.
This rule is included in @secretlint/secretlint-rule-preset-recommend.
// secretlint-disable -- disable all rules
THIS IS SECRET A
THIS IS SECRET B
THIS IS SECRET C
// secretlint-enable -- enable again
// secretlint-disable-next-line @secretlint/secretlint-rule-secret-alphabet -- disable specific rule in next line
THIS IS SECRET D
THIS IS SECRET E // secretlint-disable-line -- disable current line
If you want to use this directive in shellscript, you can use # secretlint-disable
.
# secretlint-disable-next-line
echo "THIS IS SECRET, BUT IT WILL BE IGNORED"
For more details, see https://github.com/secretlint/secretlint/blob/master/docs/configuration.md
export const creator
instead of export default
#190Secretlint rule should use named export insteadof default export.
It is caused is thatDynamic Import in CommonJS is broken https://github.com/secretlint/secretlint/issues/190
If you have a secretlint rule, please change following.
- export default creator;
+ export { creator }
engines
#193Now, Secretlint requires Node.js 12+
It aims to support ECMAScript modules.
Published by github-actions[bot] over 3 years ago
You can mask output of secretlint with --maskSecrets
option.
$ secretlint --maskSecrets .credential
/Users/user/.credential
1:0 error [AWSSecretAccessKey] found AWS Secret Access Key: **************************************** @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-aws
β 1 problem (1 error, 0 warnings)
It will help you to integrate secretlint with CI like GitLab.
Published by github-actions[bot] over 3 years ago
@secretlint/secretlint-rule-preset-recommend
@secretlint/secretlint-rule-github
by defaultPublished by github-actions[bot] over 3 years ago
Published by github-actions[bot] almost 4 years ago
Published by github-actions[bot] over 4 years ago
A secretlint rule that disallow to include user's homedir path.
A secretlint rule that checks for RegEx patterns
Created by @PseudoCoding
Published by github-actions[bot] over 4 years ago
SecretLintRuleMessageTranslate
interface #127Each rule need to change messages
object format.
AWSAccessKeyID: {
- en: "found AWS Access Key ID: {{ID}}",
- ja: "AWS Access Key Id: {{ID}} γγΏγ€γγγΎγγ"
+ en: (props: { ID: string }) => `found AWS Access Key ID: ${props.ID}`,
+ ja: (props: { ID: string }) => `AWS Access Key Id: ${props.ID} γγΏγ€γγγΎγγ`,
},
It will resolve #119 because, it also remove runtime check for placeholder string.
It introduce static checking for template string instead of dynamic checking.
For more details, see documentation.
@mtsalenc has created @secretlint/secretlint-rule-sendgrid
(#128) (8dcb023)
It check SendGrid API Keys to prevent committing.
Add @mtsalenc to collaborators π
Published by github-actions[bot] over 4 years ago
@munierujp has implemented @secretlint/secretlint-rule-no-dotenv that disallow to commit .env
because dotenv document describe that
Should I commit my .env file?
No. We strongly recommend against committing your .env file to version control.
-- https://github.com/motdotla/dotenv#should-i-commit-my-env-file
You can tell Secretlint to ignore .env
file by .secretlintignore
configuration.
For more details .secretlintignore
, see following document.
npm install @secretlint/secretlint-rule-no-dotenv
Edit .secretlintrc.json
{
"rules": [
{
"id": "@secretlint/secretlint-rule-no-dotenv"
}
]
}