search

nickdeis / eslint-plugin-no-secrets

An eslint plugin to find strings that might be secrets/credentials
MIT License
127 stars 4 forks source link

Minimum entropy threshold #24

Closed SaadBazaz closed 4 months ago

SaadBazaz commented 9 months ago

Hey, I don't want this plugin to detect strings with entropy less than 4.3 (because those are usually not secrets for my project). How can I get that done?

nickdeis commented 9 months ago

Hey @SaadBazaz, I just realized the documentation isn't super clear about it, but you can lower the threshold with the tolerance setting. Here's an example:

{
   "plugins":["no-secrets"],
   "rules":{
       "no-secrets/no-secrets":["error",{"tolerance":3.2}]
   }
}

I hope this helps!

SaadBazaz commented 9 months ago

Oh! I thought this was the upper limit! I.e. "you can't show errors more than 3.2". It seems like the opposite. Can we fix this in docs?

nickdeis commented 9 months ago

Hey @SaadBazaz , thank you so much for your contribution. I got the message earlier today and I got caught up with work, I think you did an excellent job. Let me know if you are okay with me closing this issue.