An easy-to-use utility toolbelt for Discord bots written in Python.
APACHE-2.0 License
An easy-to-use utility toolbelt for Discord bots written in Python. Read the docs ยป
Do you store your Discord bot token in plaintext? Don't get caught with your pants down. Strap in!
Botstrap is a Python library suit of power armor that perfectly fits your
Discord bot. It offers:
Python 3.10 or higher is required. It's also generally a good idea to upgrade pip
(python -m pip install -U pip
).
pip install -U botstrap
For additional/alternative installation instructions, see the documentation.
Coming soon! In the meantime, check out:
Adding one or both of Botstrap's pre-commit hooks to your git
workflow is an easy
and seamless way to improve the security of your codebase. (If you're unfamiliar with
pre-commit, here's its quickstart guide. Highly recommend!)
See below for descriptions of the available hooks, and add the one(s) you like to your
.pre-commit-config.yaml
:
- repo: https://github.com/nuztalgia/botstrap
rev: 0.2.9
hooks:
- id: detect-discord-bot-tokens
- id: detect-encrypted-tokens
detect-discord-bot-tokens
This hook checks the contents of your added/changed files every time you git commit
,
and raises an error if it finds any unencrypted bot tokens. It won't catch any plaintext
tokens that you've .gitignore
-d or already committed, but it will prevent you from
accidentally committing new ones.
Note: This hook is especially useful for bots whose tokens aren't secured by the main Botstrap library - including bots written in languages other than Python! โจ
detect-encrypted-tokens
Although it isn't quite as dangerous to commit your encrypted bot tokens, doing so is
still very much a security risk. This hook prevents that from happening by raising an
error if you try to git commit
a file whose name matches the pattern used by
Botstrap's encrypted token files. (Hint: Keep this hook happy by adding *.key
to
your .gitignore
.)
Let everyone know your Discord bot is secure by adding a badge to your repository's
README.md
:
[![Botstrap](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fnuztalgia%2Fbotstrap%2Fmain%2F.github%2Fbadges%2Fbotstrap-on.json)](https://github.com/nuztalgia/botstrap)
You can replace botstrap-on
in the above snippet with the text on one of the other
badges (e.g. tokens-secure
).
For more granular customization options, check out the available style parameters on shields.io.
Copyright ยฉ 2022 Nuztalgia. Released under the Apache License, Version 2.0.