🛡🔑 Secretlint 4.0.0: Support ESM rule and secretlint-disable directive

azu - Sep 15 '21 - - Dev Community

secretlint is pluggable linting tool to prevent committing credential like SSH private key, GCP Access token, AWS Access Token, Slack Token, and npm auth token.

It is similar one of ESLint, but it is for security.

New Features 🆕

ESM rule support #187

Secretlint allow to load secretlint rule as ESM(ECMAScript modules).
You can write secretlint rule as ESM.

For more details, pleases see document.

📝 Currently TypeSript + Node.js ESM is hard to work.
Secretlint use some workaround for this. For more details, see next issue.

Support secretlint-disable directive #195

@secretlint/secretlint-rule-filter-comments support disable comment like secretlint-disable.

This rule is included in @secretlint/secretlint-rule-preset-recommend.

// secretlint-disable -- disable all rules

THIS IS SECRET A
THIS IS SECRET B
THIS IS SECRET C

// secretlint-enable -- enable again

// secretlint-disable-next-line @secretlint/secretlint-rule-secret-alphabet -- disable specific rule in next line
THIS IS SECRET D
THIS IS SECRET E // secretlint-disable-line -- disable current line
Enter fullscreen mode Exit fullscreen mode

If you want to use this directive in shellscript, you can use # secretlint-disable.

# secretlint-disable-next-line
echo "THIS IS SECRET, BUT IT WILL BE IGNORED"
Enter fullscreen mode Exit fullscreen mode

For more details, see https://github.com/secretlint/secretlint/blob/master/docs/configuration.md

Breaking Changes

use export const creator instead of export default #190

Secretlint rule should use named export insteadof default export.
It is caused is thatDynamic Import in CommonJS is broken https://github.com/secretlint/secretlint/issues/190

If you have a secretlint rule, please change following.

- export default creator;
+ export { creator }
Enter fullscreen mode Exit fullscreen mode

Require Node.js 12 and update engines #193

Now, Secretlint requires Node.js 12+
It aims to support ECMAScript modules.

Secretlint it-self is not Pure ESM package, but we will make it ESM.


Reaction will help us ❤️

. . . . . . . . . . . . . . . . . . .