secretlint

Pluggable linting tool to prevent committing credentials.

MIT License

Downloads
2.1M
Stars
810
Committers
26


secretlint - v5.1.1

Published by github-actions[bot] over 2 years ago

Fixes

  • gcp: bump node-forge from 1.2.1 to 1.3.0 #243

secretlint - v5.1.0

Published by github-actions[bot] over 2 years ago

Bug Fixes

  • docker: update Node.js 16 (288230a)
  • refactor while loop + RegExp.exec → matchAll (#238) (1276228), closes #236 by @HritikR

Features

secretlint - v5.0.1

Published by azu over 2 years ago

What's Changed

Full Changelog: https://github.com/secretlint/secretlint/compare/v5.0.0...v5.0.1

secretlint - v5.0.0

Published by azu over 2 years ago

Breaking Changes

Secretlint@5 requires Node.js 14+

Please update secretlint and @secretlint/secretlint-rule-preset-recommend at the same time.

Features

  • config-loader: improve validation to config (#224) (222555f)
    • It throws an error when you use an invalid configuration

Others

  • Remove @secretlint/config-validator #224

Full Changelog: https://github.com/secretlint/secretlint/compare/v4.2.1...v5.0.0

secretlint - v4.2.1

Published by github-actions[bot] over 2 years ago

This version is just a re-publish of v4.2.0

Bug Fixes

  • sarif: fix main file path (cf874e4)

secretlint - v4.2.0

Published by github-actions[bot] over 2 years ago

Features

  • sarif: add @secretlint/secretlint-formatter-sarif (#217) (6cdf303)

For more details, please see https://github.com/secretlint/secretlint#sarif-format-support

Performance Improvements

secretlint - v4.1.4

Published by github-actions[bot] almost 3 years ago

Bug Fixes

  • secretlint-rule-gcp: update node-forge (#212) (10eae64) by @cm-dyoshikawa

secretlint - v4.1.3

Published by github-actions[bot] about 3 years ago

This release only updates versions.

The previous release was blocked by an npm incident:
https://status.npmjs.org/incidents/wy4002vc8ryc

fix #208

secretlint - v4.1.1

Published by github-actions[bot] about 3 years ago

Bug Fixes

  • config-loader: fix to load secretlint rule on Windows (#206) (74526f4)

secretlint - v4.1.0

Published by github-actions[bot] about 3 years ago

Features

  • npm: support new npm prefix token #201 #200

npm has a new access token format.
secretlint 4.1.0 supports the new token format, for example 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.

Fixes

secretlint - v4.0.0

Published by github-actions[bot] about 3 years ago

Features

ESM rule support #187

Secretlint can now load secretlint rules as ESM (ECMAScript modules).
You can write secretlint rules as ESM.

For more details, please see the documentation.

Support secretlint-disable directive #96 #195

@secretlint/secretlint-rule-filter-comments supports disable comments such as secretlint-disable.

This rule is included in @secretlint/secretlint-rule-preset-recommend.

// secretlint-disable -- disable all rules

THIS IS SECRET A
THIS IS SECRET B
THIS IS SECRET C

// secretlint-enable -- enable again

// secretlint-disable-next-line @secretlint/secretlint-rule-secret-alphabet -- disable specific rule in next line
THIS IS SECRET D
THIS IS SECRET E // secretlint-disable-line -- disable current line

If you want to use this directive in a shell script, you can use # secretlint-disable.

# secretlint-disable-next-line
echo "THIS IS SECRET, BUT IT WILL BE IGNORED"

For more details, see https://github.com/secretlint/secretlint/blob/master/docs/configuration.md

Breaking Changes

use export const creator instead of export default #190

Secretlint rules should use a named export instead of a default export.
The reason is that dynamic import in CommonJS is broken: https://github.com/secretlint/secretlint/issues/190

If you have a secretlint rule, please change it as follows.

- export default creator;
+ export { creator }

Require Node.js 12 and update engines #193

Now, Secretlint requires Node.js 12+
It aims to support ECMAScript modules.

secretlint - v3.3.0

Published by github-actions[bot] over 3 years ago

Features

You can mask the output of secretlint with the --maskSecrets option.

$ secretlint --maskSecrets .credential

/Users/user/.credential
  1:0  error  [AWSSecretAccessKey] found AWS Secret Access Key: ****************************************  @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-aws

✖ 1 problem (1 error, 0 warnings)

It will help you to integrate secretlint with CI like GitLab.
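The behaviours described in these notes (detection of npm_-prefixed tokens, the secretlint-disable directives, matchAll-based matching and masked output) combined in one small scanner. This is an added example, not secretlint's own code; the rule id example-rule-npm, the function names and the 36-character token body (inferred from the sample token in the v4.1.0 note) are assumptions.

```javascript
// Added example: a simplified single-rule scanner, not secretlint's implementation.
const RULE_ID = "example-rule-npm"; // hypothetical rule id
// Assumption: "npm_" + 36 alphanumerics, inferred from the sample token in the v4.1.0 note.
const NPM_TOKEN = /npm_[A-Za-z0-9]{36}/g;
// Directive forms from the v4.0.0 note: "//" or "#" comments, optional rule ids,
// and an optional free-form description after " -- ".
const DIRECTIVE =
  /(?:\/\/|#)\s*secretlint-(disable-next-line|disable-line|disable|enable)\b(.*?)(?:\s--\s.*)?$/;

function parseDirective(line) {
  const m = line.match(DIRECTIVE);
  if (!m) return null;
  const ids = m[2].split(/[\s,]+/).filter(Boolean);
  // A directive without rule ids applies to every rule.
  return ids.length === 0 || ids.includes(RULE_ID) ? m[1] : null;
}

function scan(text, { maskSecrets = false } = {}) {
  const findings = [];
  let blockDisabled = false; // between secretlint-disable and secretlint-enable
  let skipNext = false; // set by secretlint-disable-next-line
  text.split("\n").forEach((line, i) => {
    const directive = parseDirective(line);
    if (directive === "disable") blockDisabled = true;
    if (directive === "enable") blockDisabled = false;
    const ignored = blockDisabled || skipNext || directive === "disable-line";
    skipNext = directive === "disable-next-line";
    if (ignored) return;
    // matchAll reports every token on the line without a manual exec() loop.
    for (const m of line.matchAll(NPM_TOKEN)) {
      const shown = maskSecrets ? "*".repeat(m[0].length) : m[0];
      findings.push({ line: i + 1, column: m.index, message: `found npm token: ${shown}` });
    }
  });
  return findings;
}

// Constructed sample input; the token is the sample value quoted in the v4.1.0 note.
const TOKEN = "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";
const SAMPLE = [
  `token=${TOKEN}`,
  "# secretlint-disable-next-line -- test fixture",
  `fixture=${TOKEN}`,
  "// secretlint-disable-next-line other-rule -- does not apply to this rule",
  `leak=${TOKEN}`,
  `x=${TOKEN} // secretlint-disable-line`,
].join("\n");

console.log(scan(SAMPLE, { maskSecrets: true }));
```

Only lines 1 and 5 of the sample are reported: a directive that names a different rule does not suppress this one, and with maskSecrets the token never reaches the output.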

secretlint - v3.2.0

Published by github-actions[bot] over 3 years ago

Features

  • formatter: add "native" table formatter (#169) (6bd7910) by @susam-projects

You can use --format table.

$ secretlint --format table "**/*"

secretlint - v3.1.0

Published by github-actions[bot] over 3 years ago

Bug Fixes

Features

  • privatekey: support non cryptosystem name pattern (#173) (c211103)

secretlint - v3.0.0

Published by github-actions[bot] over 3 years ago

🆕 Updated

@secretlint/secretlint-rule-preset-recommend

  • Add @secretlint/secretlint-rule-github by default

πŸ“ Docs

secretlint - v2.2.0

Published by github-actions[bot] over 3 years ago

secretlint - v2.1.1

Published by github-actions[bot] almost 4 years ago

Fixes

  • secretlint-rule-gcp: bump node-forge from 0.9.1 to 0.10.0 #148

secretlint - v2.1.0

Published by github-actions[bot] over 4 years ago

New rules

@secretlint/secretlint-rule-no-homedir

A secretlint rule that disallows including the user's home directory path.

@secretlint/secretlint-rule-pattern

A secretlint rule that checks for RegEx patterns

Created by @PseudoCoding

Fixes

  • fix handling for non-ascii file path (#137)

secretlint - v2.0.0

Published by github-actions[bot] over 4 years ago

BREAKING CHANGES

  • core: changes SecretLintRuleMessageTranslate interface #127

Each rule needs to change the format of its messages object.

    AWSAccessKeyID: {
-        en: "found AWS Access Key ID: {{ID}}",
-        ja: "AWS Access Key Id: {{ID}} γŒγΏγ€γ‹γ‚ŠγΎγ—γŸ"
+        en: (props: { ID: string }) => `found AWS Access Key ID: ${props.ID}`,
+        ja: (props: { ID: string }) => `AWS Access Key Id: ${props.ID} γŒγΏγ€γ‹γ‚ŠγΎγ—γŸ`,
    },
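Review bot: the two `+` lines each spell out the inline props type `(props: { ID: string })`, once for en and once for ja. Declaring that type once for the AWSAccessKeyID message and reusing it in both locales would keep the translations in step if the property is later renamed or another one is added.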

This resolves #119 because it also removes the runtime check for placeholder strings.
It introduces static checking of template strings instead of dynamic checking.

For more details, see documentation.

New Rules

@secretlint/secretlint-rule-sendgrid

@mtsalenc has created @secretlint/secretlint-rule-sendgrid (#128) (8dcb023)

It checks for SendGrid API keys to prevent committing them.

Features

  • recommended-preset: add @secretlint/secretlint-rule-sendgrid to preset (#131) (0bcbe2e)

Bug Fixes

  • tester: sort object by property name (#133) (f684cdf)
  • core: change SecretLintRuleMessageTranslate to check statically (03ccff1)

New Collaborators

Add @mtsalenc to collaborators 🎉

secretlint - v1.1.0

Published by github-actions[bot] over 4 years ago

Features

secretlint-rule-no-dotenv: add new rule (99959b2) #66 #121

@munierujp has implemented @secretlint/secretlint-rule-no-dotenv, which disallows committing .env, because the dotenv documentation states:

Should I commit my .env file?

No. We strongly recommend against committing your .env file to version control.

-- https://github.com/motdotla/dotenv#should-i-commit-my-env-file

You can tell Secretlint to ignore the .env file with the .secretlintignore configuration.
For more details on .secretlintignore, see the following document.

Installation

npm install @secretlint/secretlint-rule-no-dotenv

Usage

Edit .secretlintrc.json

{
    "rules": [
        {
            "id": "@secretlint/secretlint-rule-no-dotenv"
        }
    ]
}