Package Exports
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (secure-scan-js) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
secure-scan-js
A JavaScript implementation of Yelp's detect-secrets tool, with no Python dependency required.
This package provides the same functionality as Yelp's detect-secrets but implemented in JavaScript using WebAssembly technology, eliminating the need for Python installation.
Features
- No Python Required: Uses WebAssembly to run the scanning code directly in Node.js
- Easy Installation: Simple npm installation with no external dependencies
- Fast Scanning: Efficiently scans files and directories for secrets
- Customizable: Configure exclusions, scan specific directories, and more
- False Positive Detection: Identifies likely false positives to reduce noise
- Missed Secret Detection: Optional detection of patterns that might be missed by the main scanner
- Compatible API: Similar interface to Yelp's detect-secrets for easy migration
- Memory Efficient: Automatically skips binary files and handles large codebases
Installation
npm install -g secure-scan-jsUsage
Command Line
# Scan the current directory
secure-scan-js
# Scan a specific directory
secure-scan-js --directory ./src
# Exclude specific files or directories
secure-scan-js --exclude-files "*.test.js,*.spec.js" --exclude-dirs "node_modules,dist"
# Check for potentially missed secrets
secure-scan-js --check-missed
# Save results to a file
secure-scan-js --output results.json
# Enable file size limits to prevent memory issues with very large files
secure-scan-js --limit-file-size
# Set a custom maximum file size (in KB) when limits are enabled
secure-scan-js --limit-file-size --max-file-size 2048API
const detectSecrets = require("secure-scan-js");
async function scanMyProject() {
// Initialize the WebAssembly module (required before scanning)
await detectSecrets.initialize();
// Scan a directory
const results = await detectSecrets.scanDirectory("./src", {
excludeFiles: ["*.test.js", "*.spec.js"],
excludeDirs: ["node_modules", "dist"],
checkMissed: true,
limitFileSize: false, // Set to true to enable file size limits
maxFileSize: 2 * 1024 * 1024, // Custom max file size in bytes (2MB) when limits are enabled
});
console.log(`Found ${results.secrets.length} secrets`);
// Scan a specific file
const fileResults = await detectSecrets.scanFile("./config.js");
// Scan a string
const contentResults = await detectSecrets.scanContent(
'const apiKey = "1234567890abcdef";',
"example.js"
);
}
scanMyProject().catch(console.error);Options
| Option | CLI Flag | Description |
|---|---|---|
directory |
-d, --directory <path> |
Directory to scan (default: current directory) |
root |
-r, --root |
Scan from project root |
excludeFiles |
-e, --exclude-files <patterns> |
File patterns to exclude (comma-separated) |
excludeDirs |
-x, --exclude-dirs <patterns> |
Directory patterns to exclude (comma-separated) |
checkMissed |
-m, --check-missed |
Check for potentially missed secrets |
verbose |
-v, --verbose |
Include additional information |
output |
-o, --output <file> |
Output file path |
limitFileSize |
-l, --limit-file-size |
Enable file size limits to prevent memory issues |
maxFileSize |
--max-file-size <size> |
Maximum file size to scan in KB (default: no limit) |
How It Works
This package implements the same secret detection patterns as Yelp's detect-secrets but uses WebAssembly technology to eliminate the Python dependency. The scanning is performed using a combination of regex patterns to detect common secret formats.
The first time you run the tool, it will download and initialize the WebAssembly environment. This may take a few seconds, but subsequent runs will be faster.
Memory Management
By default, the tool will scan all files regardless of size, but you can enable memory protection features:
- Binary File Detection: Automatically skips binary files like images, executables, and compressed files
- Optional Size Limits: Use
--limit-file-sizeto enable file size limits - Custom Size Limits: Set your own maximum file size with
--max-file-size - Automatic Truncation: Very large text files can be truncated to prevent memory issues
Types of Secrets Detected
The tool can detect a wide range of secrets, including:
- API Keys (Google, Stripe, etc.)
- AWS Access Keys and Secret Keys
- Private Keys (RSA, DSA, etc.)
- Database Connection Strings
- JWT Tokens
- GitHub Tokens
- OAuth Tokens
- Generic Passwords and Secrets
Testing
You can run basic tests with:
cd wasm-version
npm run build
node test/test.jsComparison with Yelp's detect-secrets
This package is inspired by and compatible with Yelp's detect-secrets but offers several advantages:
- No Python Dependency: Works without requiring Python installation
- Easier Installation: Simple npm installation process
- JavaScript Native: Fully integrated with Node.js ecosystem
- Similar Detection Patterns: Implements the same secret detection patterns
- Memory Efficient: Better handling of large repositories and binary files
Version History
v2.1.1
- Removed example files containing secrets to avoid GitHub secret scanning
- Updated test files to use safe example values
- Fixed repository URLs
v2.1.0
- Removed default file size limits to scan all files by default
- Added comprehensive secret type documentation
- Fixed minor bugs and improved error handling
v2.0.0
- Complete rewrite using WebAssembly technology
- Removed Python dependency requirement
- Enhanced pattern matching for better secret detection
- Improved performance and cross-platform compatibility
- Added memory-efficient handling of large repositories
License
MIT