DEV Community

loading...

secretlint v3.0 support GitHub’s new authentication token detection

azu
JavaScript/ECMAScript/textlint/secretlint/HonKit
・2 min read

secretlint is a pluggable linting tool to prevent committing credential.

secretlint is similar tools to git-secrets, but it is more flexible and support more credentials.

secretlint v3.0 support new GitHub Token format.

Recently, GitHub introduce new authentication token format.

The character set changed from [a-f0-9] to [A-Za-z0-9_]
The format now includes a prefix for each token type:
ghp_ for Personal Access Tokens
gho_ for OAuth Access tokens
ghu_ for GitHub App user-to-server tokens
ghs_ for GitHub App server-to-server tokens
ghr_ for GitHub App refresh tokens

secretlint support them!

Usage

You can use secretlint as Docker Container or Node.js CLI.

If you already have installed Docker:

docker run -v `pwd`:`pwd` -w `pwd` --rm -it secretlint/secretlint secretlint "**/*"
Enter fullscreen mode Exit fullscreen mode

If you already have installed Node.js:

npx @secretlint/quick-start "**/*"
Enter fullscreen mode Exit fullscreen mode

secretlint also support custom rules like ESLint.
If you want to configure it, please see secretlint documenataion.

You can setup pre-commit Hook per project or pre-commit Hook globally.
This git's pre-commit prevent you to commit your credentials like GitHub Token, SSH key, AWS crendentials.

If you want to know about secretlint, please visit secretlint/secretlint.

Discussion (0)