JSPM

aiignore-cli

1.0.2
    • ESM via JSPM
    • ES Module Entrypoint
    • Export Map
    • Keywords
    • License
    • Repository URL
    • TypeScript Types
    • README
    • Created
    • Published
    • Downloads 20
    • Score
      100M100P100Q50375F
    • License Apache-2.0

    One command to protect your secrets from all AI coding tools

    Package Exports

    • aiignore-cli
    • aiignore-cli/dist/index.js

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (aiignore-cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    aiignore

    One command to protect your secrets from all AI coding tools.

    Every AI tool has a different ignore mechanism — .cursorignore, .geminiignore, .codeiumignore, .claude/settings.json, .aiignore — each with its own quirks and undocumented bypass bugs. aiignore scans your project, detects which tools you use, and generates the right config for each one.

    Quick Start

    npx aiignore-cli init

    Or install globally:

    npm install -g aiignore-cli
aiignore init

    Requires Node.js 18+.

    Why not just create the files manually?

    You could. A .cursorignore takes 30 seconds to write. But:

    • Do you know that Cursor also needs .cursorignore, Claude Code needs settings.json deny rules, Gemini CLI needs .geminiignore, JetBrains needs .aiignore, and Windsurf still uses .codeiumignore?
    • Do you know that Cursor's ignore is "best-effort" with 2 known CVEs, that Gemini's negation patterns are broken, or that Copilot has no ignore file at all?
    • Do you want to research each tool's format every time you set up a new project?

    aiignore does the research for you. The security data behind each tool is the real value — the CLI just applies it.

    Commands

    aiignore init

    aiignore init

    aiignore verify

    aiignore verify

    aiignore                             # same as aiignore init
aiignore init                        # auto-detect and generate
aiignore init --all                  # all tools, skip detection
aiignore init --only cursor          # single tool
aiignore init --only cursor,gemini   # multiple tools (comma-separated)
aiignore init --append               # add missing patterns to existing files
aiignore init --dry-run              # preview only
aiignore init --force                # overwrite existing files
aiignore init -q                     # quiet mode (no output)

aiignore verify                      # protection status table
aiignore verify --ci                 # exit 1 if unprotected
aiignore verify --strict             # exit 1 if any tool is unreliable
aiignore verify --json               # machine-readable output

aiignore list                        # show supported tools and aliases

    Tool Support

    Tool File Generated Reliability Key Issue
    Cursor .cursorignore Low "best-effort", agent bypass, @ reference bypass
    Claude Code .claude/settings.json Medium Read() deny covers Bash too (tested)
    Copilot guide only None no ignore file exists for individual devs
    Gemini CLI .geminiignore Low negation patterns broken, self-blocks .env/.pem
    JetBrains AI .aiignore High most reliable; AI redacts sensitive filenames
    Windsurf .codeiumignore Medium negation can't override .gitignore

    What Gets Protected

    Patterns are sourced from built-in defaults + security-related entries in your .gitignore:

    Category Patterns
    Environment .env, .env.*, .env.local
    Credentials credentials.json, service-account*.json, *secret*, token.json
    Keys *.pem, *.key, *.p12, *.pfx, *.jks
    SSH .ssh/, id_rsa*, id_ed25519*, id_ecdsa*
    Cloud .aws/, .gcp/, .azure/, gcloud/
    App Secrets config/secrets.yml, config/master.key, vault.json
    Database *.sqlite, *.db, dump.sql
    Certificates *.crt, *.cer, *.ca-bundle

    Tool Aliases

    --only accepts these names (comma-separated):

    cursor                     -> Cursor
claude / claude-code       -> Claude Code
copilot                    -> GitHub Copilot
gemini / gemini-cli        -> Gemini CLI
jetbrains / jb             -> JetBrains AI
windsurf / codeium         -> Windsurf/Codeium

    Run aiignore list to see all tools and aliases.

    Limitations

    No AI tool guarantees 100% file exclusion. All tools share a common weakness: agent/terminal modes can bypass ignore files by running shell commands directly. Copilot has no ignore mechanism at all for individual developers.

    This tool is one layer of defense. For production secrets, also use a secrets manager, pre-commit hooks (gitleaks, trufflehog), and keep secrets out of your project directory entirely.

    For per-tool details (CVEs, known bugs, tested behavior), see AI Coding Tool Security Reference.

    License

    Apache-2.0