JSPM

@namaa03/pushguard

0.6.1
    • Downloads 15
    • License MIT

    One-time install git push protection with 1000+ provider fingerprints and entropy scanning for leaked tokens.


      Readme

      PushGuard 🛡️

      One-time install protection for git push with 1000+ provider/token fingerprints.

      npm install -g pushguard

      That is it.

      After installation, PushGuard automatically installs a global Git pre-push hook. From then on, every normal:

      git push

      will scan only the files in the outgoing commits being pushed. It does not scan your whole phone/home folder.

      If a hardcoded token/API key is found, the push is blocked before the secret reaches GitHub.
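      How a pre-push hook can limit itself to outgoing commits, as an added example that is not PushGuard's own code: Git passes the hook the remote name as an argument and one line per pushed ref on stdin, and the hook turns each line into a revision range. The function names, the `--diff-filter=AM` choice and the sample object ids are assumptions made for this illustration.

```javascript
// Added example, not PushGuard's code. Git runs the pre-push hook with the remote
// name as its first argument and one line per pushed ref on stdin:
//   <local ref> <local oid> <remote ref> <remote oid>
const NO_OBJECT = /^0+$/; // all-zero id: the ref does not exist on that side

function outgoingRanges(stdinText, remoteName) {
  const ranges = [];
  for (const line of stdinText.split("\n")) {
    const parts = line.trim().split(/\s+/);
    if (parts.length !== 4) continue; // blank or malformed line
    const [localRef, localOid, remoteRef, remoteOid] = parts;
    if (NO_OBJECT.test(localOid)) continue; // ref deletion uploads no content
    const revArgs = NO_OBJECT.test(remoteOid)
      ? [localOid, "--not", `--remotes=${remoteName}`] // new ref on the remote
      : [`${remoteOid}..${localOid}`];                 // update of an existing ref
    ranges.push({ localRef, remoteRef, revArgs });
  }
  return ranges;
}

// argv for `git` that lists files added or modified in one outgoing range
function listFilesArgv(range) {
  return ["log", "--pretty=format:", "--name-only", "--diff-filter=AM", ...range.revArgs];
}

// Constructed sample input (object ids are fake)
const A = "1".repeat(40), B = "2".repeat(40), Z = "0".repeat(40);
const SAMPLE_STDIN = [
  `refs/heads/main ${B} refs/heads/main ${A}`,
  `refs/heads/feature ${B} refs/heads/feature ${Z}`,
  `(delete) ${Z} refs/heads/old ${A}`,
].join("\n");

for (const r of outgoingRanges(SAMPLE_STDIN, "origin")) {
  console.log(r.remoteRef, "->", "git " + listFilesArgv(r).join(" "));
}
```

      A hook built this way should scan what each commit in the range adds, not only the final file contents, because a secret added in one commit and deleted in a later commit of the same push is still uploaded as part of the history.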


      What it catches

      Known fixed provider patterns:

      • Telegram bot tokens
      • GitHub tokens
      • GitLab tokens
      • AWS access keys
      • OpenAI-style keys
      • Anthropic keys
      • Google/Gemini keys
      • Hugging Face tokens
      • NVIDIA API keys
      • Replicate tokens
      • Stripe keys
      • SendGrid keys
      • Mailgun keys
      • Slack tokens/webhooks
      • Discord tokens/webhooks
      • Twilio keys
      • npm tokens
      • PyPI tokens
      • JWTs
      • private keys
      • database URLs
      • bearer tokens
      • .env leaks
      • OpenRouter/Groq/Linear/DigitalOcean/Shopify-style tokens
      • Cloudflare/Azure/Cloudinary provider-context credentials

      Provider intelligence layer:

      • 334 provider families
      • 8,500+ expanded provider/token fingerprints
      • Detects provider-context variables such as CLOUDFLARE_API_TOKEN, SUPABASE_SERVICE_ROLE, VERCEL_TOKEN, NOTION_SECRET and LINEAR_API_KEY

      Generic/unknown detection:

      • secret-looking variable names like TOKEN, API_KEY, SECRET, PASSWORD
      • high-entropy random-looking values
      • credential URLs like postgres://user:password@host/db

      No scanner can detect literally every token in the world with 100% accuracy, because new services create new formats and some secrets look like normal strings. PushGuard combines fixed regex rules + provider intelligence + generic entropy detection to catch both known and unknown secrets.
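      The layering described above in miniature, as an added example that is not PushGuard's rule set: two fixed patterns, a credential-URL check, and a secret-looking variable name combined with Shannon entropy. The regexes, the 20-character minimum, the 4.0 bits-per-character threshold and the sample lines are assumptions chosen for this illustration; the last sample shows the limit the paragraph mentions, a real-looking password that reads like a normal string and is missed.

```javascript
// Added example, not PushGuard's rule set.
const FIXED = [ // layer 1: fixed provider formats
  ["aws-access-key-id", /\bAKIA[0-9A-Z]{16}\b/],
  ["private-key", /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/],
];
// layer 2: credential URLs such as scheme://user:password@host
const CRED_URL = /\b[a-z][a-z0-9+.-]*:\/\/[^\s:\/@]+:[^\s@\/]+@[^\s\/]+/i;
// layer 3: a secret-looking variable name assigned some value
const ASSIGN =
  /\b([A-Za-z0-9_]*(?:TOKEN|API_?KEY|SECRET|PASSWORD)[A-Za-z0-9_]*)\s*[:=]\s*["']?([^\s"']+)/i;

// Shannon entropy of a string, in bits per character
function shannonEntropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  let h = 0;
  for (const n of Object.values(counts)) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Returns the names of every check that fired on one line of text
function scanLine(line, minLen = 20, minBits = 4.0) {
  const hits = [];
  for (const [id, re] of FIXED) if (re.test(line)) hits.push(id);
  if (CRED_URL.test(line)) hits.push("credential-url");
  const m = ASSIGN.exec(line);
  if (m && m[2].length >= minLen && shannonEntropy(m[2]) >= minBits) {
    hits.push("named-high-entropy");
  }
  return hits;
}

const SAMPLE_LINES = [ // constructed values, not real credentials
  'aws_key = "AKIAABCDEFGHIJKLMNOP"',
  "DATABASE_URL=postgres://user:password@host/db",
  'API_TOKEN = "q8Zr2LxV0nT5bYc7WdJ4hK9m"',
  'PASSWORD = "changeme-changeme-changeme"', // low entropy: not flagged
];
for (const l of SAMPLE_LINES) console.log(scanLine(l), l);
```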


      Install

      From npm after publishing:

      npm install -g pushguard

      From this folder/zip:

      npm install -g .

      The package postinstall automatically runs global setup:

      pushguard install --global --paranoid

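      It sets core.hooksPath globally, so Git looks for hooks in this directory instead of each repository's own .git/hooks (a repository-level core.hooksPath setting still takes precedence):

      git config --global core.hooksPath ~/.pushguard/hooks

      and creates:

      ~/.pushguard/hooks/pre-push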

      Check status

      pushguard status

      Expected:

      PushGuard global status: ACTIVE ✅

      Normal usage

      You do not need to run PushGuard manually.

      Just use Git normally:

      git add .
      git commit -m "update"
      git push

      PushGuard runs automatically before the push.


      Manual scan

      pushguard scan . --paranoid

      Scan only staged files:

      pushguard scan --staged --paranoid

      Auto-fix mode

      Manual safe fixer:

      pushguard fix --yes

      Global hook with auto-fix attempt:

      pushguard install --auto-fix --paranoid

      Important: if a secret is already inside a commit, PushGuard can edit your working file, but it still blocks the push. You must commit/amend the fix, then push again.


      Termux install from zip

      If the zip is in Android Downloads:

      cd ~
      unzip /storage/emulated/0/Download/pushguard-v0.5.zip -d ~
      cd ~/pushguard
      chmod +x bin/pushguard.js
      npm install -g .
      pushguard status

      Do not install/run executables directly from Android shared storage if Termux says Permission denied. Copy/unzip into Termux home first.


      Skip auto setup

      If you only want the CLI without installing the global hook:

      PUSHGUARD_SKIP_POSTINSTALL=1 npm install -g pushguard

      Then manually install later:

      pushguard install --paranoid

      Commands

      pushguard scan [path] [--staged|--tracked|--pre-push] [--json] [--paranoid]
      pushguard fix [path] [--yes] [--staged|--push-files] [--paranoid]
      pushguard install [--local] [--pre-commit|--both] [--auto-fix] [--paranoid]
      pushguard status
      pushguard uninstall [--local]
      pushguard rules
      pushguard providers

      Aliases included:

      pushguard
      pushgaurd
      git-airbag

      Security note

      If PushGuard finds a real token that was already committed or pushed before, do not just remove it. Rotate/revoke the token from the provider dashboard.