Detect a npmrc auth token being checked in - Githubissues

Yelp / detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.

Apache License 2.0

3.59k stars 449 forks source link

Detect a npmrc auth token being checked in #785

Open kaihendry opened 5 months ago

kaihendry commented 5 months ago

I'm submitting a ...
- [ ] bug report
- [X] feature request
What is the current behavior?

Doesn't seem to pick up on auth tokens in npmrc https://docs.npmjs.com/cli/v9/configuring-npm/npmrc#auth-related-configuration

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem

//registry.example.com/:_auth=foobar
//registry2.example.com/:_authToken=MYTOKEN2

https://gist.github.com/kaihendry/090f21f431560a05e9771c3f854d7c53

What is the expected behavior?

Flag the token

What is the motivation / use case for changing the behavior?

Might have accidentally checked in a secret

Please tell us about your environment:
- detect-secrets Version: 1.4.
- Python Version:
- OS Version: MacOS / Homebrew
- File type (if applicable):
Other information

https://github.com/gitleaks/gitleaks/issues/1326

lantica commented 2 months ago

Having the same issue