@secretlint/secretlint-rule-npm

A secretlint rule for npm.

Install

Install with npm:

npm install @secretlint/secretlint-rule-npm

Usage

Via .secretlintrc.json(Recommended)

{
    "rules": [
        {
            "id": "@secretlint/secretlint-rule-npm"
        }
    ]
}

MessageIDs

PackageJSON_xOauthToken

found GitHub Token: {{TOKEN}}

Disallow to use https://<token>@github.com/owner/repo.git in package.json or package-lock.json.

Often, https://<token>@github.com/owner/repo.git is used for installing module from private repository.

• Easier builds and deployments using Git over HTTPS and OAuth - The GitHub Blog

If you want to use some module as private, please use private registry like npm, GitHub Package Registry, or Verdaccio.

• About private packages | npm Documentation

Npmrc_authToken

found npmrc authToken: {{TOKEN}}

Disallow to include <registry>:_authToken=<TOKEN> in .npmrc.

The TOKEN is credential data.

• npm - Using auth tokens in .npmrc - Stack Overflow

NPM_ACCESS_TOKEN

found npm access token: {{TOKEN}}

Disallow to include npm access token.

The TOKEN is credential data.

• About access tokens | npm Docs
• Announcing npm’s new access token format | The GitHub Blog

Options

• allows: string[]
  • Allows a list of RegExp-like String

Changelog

See Releases page.

Running tests

Install devDependencies and Run npm test:

npm test

Contributing

Pull requests and stars are always welcome.

For bugs and feature requests, please create an issue.

1. Fork it!
2. Create your feature branch: git checkout -b my-new-feature
3. Commit your changes: git commit -am 'Add some feature'
4. Push to the branch: git push origin my-new-feature
5. Submit a pull request :D

Author

• github/azu
• twitter/azu_re

License

MIT © azu