noSecrets
Diagnostic Category: lint/nursery/noSecrets
Since: v1.9.0
Sources:
- Inspired from: no-secrets/no-secrets
Disallow usage of sensitive data such as API keys and tokens.
This rule checks for high-entropy strings and matches common patterns for secrets, such as AWS keys, Slack tokens, and private keys.
While this rule is helpful, it is not infallible: pattern lists miss unknown token formats, and the entropy heuristic can both miss short secrets and flag harmless encoded data. Always review your code carefully and consider additional measures such as automated secret scanning in your CI/CD and git pipeline, for example GitGuardian or GitHub's secret scanning and push protection.
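To make the two mechanisms concrete, here is a small scanner of the same shape, added for this page. It is not Biome's implementation: the pattern list, the 20-character minimum, the 3.5 bits-per-character entropy threshold, the token character set and the one-line suppression model are all assumptions chosen for illustration, and the source it scans is constructed.

```javascript
// Added example, not Biome's own code: a minimal scanner of the kind the
// noSecrets description sketches. Patterns, thresholds and the suppression
// handling below are assumptions chosen for illustration.

// Known-shape secret patterns (a small subset). The AWS pattern carries no
// word boundaries so that the 21-character sample from the documentation
// still matches.
const SECRET_PATTERNS = [
  { type: "AWS API Key", re: /AKIA[0-9A-Z]{16}/ },
  { type: "Slack Token", re: /xox[abpr]-[0-9A-Za-z-]{10,}/ },
  { type: "Private Key", re: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/ },
];

const MIN_LENGTH = 20;          // shorter literals are ignored (assumption)
const ENTROPY_THRESHOLD = 3.5;  // bits per character (assumption)
const TOKEN_CHARSET = /^[A-Za-z0-9+\/=_-]+$/; // base64 / base64url / hex-like

// Shannon entropy of a string in bits per character.
function shannonEntropy(s) {
  if (s.length === 0) return 0;
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) ?? 0) + 1);
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// Contents of the single-, double- and backtick-quoted literals on one line.
function stringLiterals(line) {
  const out = [];
  const re = /(["'`])((?:\\.|(?!\1)[^\\])*)\1/g;
  let m;
  while ((m = re.exec(line)) !== null) out.push(m[2]);
  return out;
}

// Classify one literal: a known pattern wins; otherwise fall back to the
// entropy heuristic for long, token-like strings. Returns null if clean.
function classify(literal) {
  for (const { type, re } of SECRET_PATTERNS) {
    if (re.test(literal)) return type;
  }
  if (
    literal.length >= MIN_LENGTH &&
    TOKEN_CHARSET.test(literal) &&
    shannonEntropy(literal) >= ENTROPY_THRESHOLD
  ) {
    return "High-entropy string";
  }
  return null;
}

// Scan a whole source text. A "// biome-ignore lint/nursery/noSecrets: ..."
// comment suppresses findings on the line that follows it (a simplified
// model of Biome's suppression comments).
function scanSource(source) {
  const findings = [];
  let suppressNext = false;
  source.split("\n").forEach((line, i) => {
    const suppressed = suppressNext;
    suppressNext = /\/\/\s*biome-ignore\s+lint\/nursery\/noSecrets\b/.test(line);
    if (suppressed) return;
    for (const literal of stringLiterals(line)) {
      const type = classify(literal);
      if (type !== null) findings.push({ line: i + 1, type, value: literal });
    }
  });
  return findings;
}

// Constructed sample source: the AWS value is the placeholder from the
// documentation; the Slack token and the base64 blob are made up.
const SAMPLE_SOURCE = [
  'const region = "us-east-1";',
  'const secret = "AKIA1234567890EXAMPLE";',
  '// biome-ignore lint/nursery/noSecrets: test fixture, not a real credential',
  'const fixture = "xoxb-000000000000-000000000000-FAKEFAKEFAKEFAKE";',
  'const token = "c2VjcmV0LXRva2VuLXZhbHVlLTEyMzQ1Njc4OTA=";',
  'const greeting = "hello world, this is a long but ordinary sentence";',
].join("\n");

function report(findings) {
  return findings.map((f) => `${f.line}: Potential secret found (${f.type}): ${f.value}`);
}

console.log(report(scanSource(SAMPLE_SOURCE)).join("\n"));
```

Running it reports line 2 (AWS API Key, by pattern) and line 5 (High-entropy string, by the heuristic); the short region name is below the length floor, the English sentence fails the token character-set check even though it is long, and the Slack-shaped fixture on line 4 is hidden by the suppression comment on line 3. The last two cases are exactly where a real rule earns false positives and false negatives, which is why the description above recommends a second scanner in CI.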
Examples
Invalid
code-block.js:1:16 lint/nursery/noSecrets ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚠ Potential secret found.
> 1 │ const secret = "AKIA1234567890EXAMPLE";
│ ^^^^^^^^^^^^^^^^^^^^^^^
2 │
ℹ Type of secret detected: AWS API Key
ℹ Storing secrets in source code is a security risk. Consider the following steps:
1. Remove the secret from your code. If you’ve already committed it, consider removing the commit entirely from your git tree.
2. If needed, use environment variables or a secure secret management system to store sensitive data.
3. If this is a false positive, consider adding an inline disable comment.
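The three remediation steps above, as an added example rather than anything from Biome: the credential moves to the environment and is validated at start-up (step 2), and the one literal that remains, AWS's documented placeholder access key id used as a test fixture, is a genuine false positive and gets a suppression comment with a reason (step 3). The environment variable names are the AWS SDK's conventional ones; the access-key-id format check, the loader function names and the redaction approach are assumptions for illustration. Step 1 is git work rather than JavaScript; note that deleting the commit does not undo the exposure, so a secret that has already been pushed must also be rotated.

```javascript
// Added example, not Biome's code: the "after" shape for a secret that was
// hard-coded in source. Variable names follow the AWS SDK convention; the
// format check and the function names are assumptions for illustration.

const AWS_ACCESS_KEY_ID_RE = /^(AKIA|ASIA)[0-9A-Z]{16}$/;

// Return env[name] or throw. An empty value counts as missing so that a
// misconfigured deployment fails at start-up instead of calling the API
// with "" and failing somewhere far from the cause.
function requireEnv(name, env = process.env) {
  const value = env[name];
  if (typeof value !== "string" || value.trim() === "") {
    throw new Error(`Missing required environment variable ${name}`);
  }
  return value;
}

// Load AWS credentials from the environment. The returned object redacts
// the secret in JSON.stringify, String() and console.log/util.inspect, so
// routine logging does not recreate the leak the lint rule just flagged.
function loadAwsCredentials(env = process.env) {
  const accessKeyId = requireEnv("AWS_ACCESS_KEY_ID", env);
  const secretAccessKey = requireEnv("AWS_SECRET_ACCESS_KEY", env);
  if (!AWS_ACCESS_KEY_ID_RE.test(accessKeyId)) {
    throw new Error("AWS_ACCESS_KEY_ID does not look like an access key id");
  }
  const redacted = () => ({ accessKeyId, secretAccessKey: "[REDACTED]" });
  return {
    accessKeyId,
    secretAccessKey,
    toJSON: redacted,
    toString: () => `AwsCredentials(${accessKeyId}, [REDACTED])`,
    [Symbol.for("nodejs.util.inspect.custom")]: redacted,
  };
}

// Step 3: a genuine false positive. This is the placeholder access key id
// from AWS's own documentation, kept here as a unit-test fixture, so it is
// suppressed with a reason rather than rewritten.
// biome-ignore lint/nursery/noSecrets: AWS documentation placeholder used as a test fixture
const EXAMPLE_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE";

// Constructed environment standing in for process.env in a local run.
const SAMPLE_ENV = {
  AWS_ACCESS_KEY_ID: EXAMPLE_ACCESS_KEY_ID,
  AWS_SECRET_ACCESS_KEY: "not-a-real-secret",
};

const creds = loadAwsCredentials(SAMPLE_ENV);
console.log(String(creds));            // secret never reaches the log
console.log(JSON.stringify(creds));    // nor a serialized config dump
```

Because the secret is only ever a property read at runtime, the scanner has no literal to flag, and the suppression comment is reserved for the one value that is documented as fake. If the key must be shared between services, the same loader can read it from a secret manager instead of the environment; the validate-at-start-up and redact-on-output parts do not change.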
Valid
Related links