secretlint is pluggable linting tool to prevent committing credential like SSH private key, GCP Access token, AWS Access Token, Slack Token, and npm auth token.
It is similar one of ESLint, but it is for security.
New Features 🆕
ESM rule support #187
Secretlint allow to load secretlint rule as ESM(ECMAScript modules).
You can write secretlint rule as ESM.
For more details, pleases see document.
📝 Currently TypeSript + Node.js ESM is hard to work.
Secretlint use some workaround for this. For more details, see next issue.
Support secretlint-disable
directive #195
@secretlint/secretlint-rule-filter-comments support disable comment like secretlint-disable
.
This rule is included in @secretlint/secretlint-rule-preset-recommend.
// secretlint-disable -- disable all rules
THIS IS SECRET A
THIS IS SECRET B
THIS IS SECRET C
// secretlint-enable -- enable again
// secretlint-disable-next-line @secretlint/secretlint-rule-secret-alphabet -- disable specific rule in next line
THIS IS SECRET D
THIS IS SECRET E // secretlint-disable-line -- disable current line
If you want to use this directive in shellscript, you can use # secretlint-disable
.
# secretlint-disable-next-line
echo "THIS IS SECRET, BUT IT WILL BE IGNORED"
For more details, see https://github.com/secretlint/secretlint/blob/master/docs/configuration.md
Breaking Changes
use export const creator
instead of export default
#190
Secretlint rule should use named export insteadof default export.
It is caused is thatDynamic Import in CommonJS is broken https://github.com/secretlint/secretlint/issues/190
If you have a secretlint rule, please change following.
- export default creator;
+ export { creator }
Require Node.js 12 and update engines
#193
Now, Secretlint requires Node.js 12+
It aims to support ECMAScript modules.
Secretlint it-self is not Pure ESM package, but we will make it ESM.
Reaction will help us ❤️