@anomira/node-sdk 0.1.4 → 0.1.5
- package/README.md +44 -2
- package/dist/cli.cjs +6075 -0
- package/dist/index.cjs +139 -20
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +139 -20
- package/dist/index.js.map +1 -1
- package/package.json +8 -5
package/README.md
CHANGED
@@ -118,13 +118,55 @@ if (match?.rule.action === "block") {
 
 ## Secret Scanner CLI
 
-Scan your codebase for hardcoded secrets, API keys, and PII before they reach production
+Scan your codebase for hardcoded secrets, API keys, BVN/NIN numbers, and PII before they reach production.
 
+Uses three detection layers:
+- **secretlint** — 50+ service-specific rules (AWS, GCP, GitHub, Stripe, Slack, Twilio, SendGrid, PostgreSQL connection strings, and more)
+- **Custom patterns** — Nigerian PII (BVN/NIN), card PANs, phone numbers
+- **Entropy analysis** (`--strict`) — catches unknown high-entropy secrets with no known prefix, using Shannon entropy scoring
+
+**Run without installing:**
+```bash
+npx @anomira/node-sdk scan ./src
+```
+
+**If `@anomira/node-sdk` is already installed in your project:**
 ```bash
 npx anomira scan ./src
 ```
 
-
+**Options:**
+```bash
+npx @anomira/node-sdk scan ./src # scan a directory
+npx @anomira/node-sdk scan . # scan entire project
+npx @anomira/node-sdk scan ./src --strict # enable entropy analysis (catches unknown secrets)
+npx @anomira/node-sdk scan ./src --json # machine-readable JSON output for CI
+npx @anomira/node-sdk scan ./src --quiet # only print violations, no header
+```
+
+**What it detects:**
+
+| Category | Examples |
+|---|---|
+| Cloud credentials | AWS access keys, GCP service account keys, Azure connection strings |
+| Source control | GitHub tokens (`ghp_`), GitLab tokens (`glpat-`), NPM tokens (`npm_`) |
+| Payment | Stripe keys (`sk_live_`), Paystack keys |
+| Communication | Slack tokens (`xoxb-`), Twilio credentials, SendGrid keys |
+| Database | Connection strings with embedded passwords (`postgresql://user:pass@host`) |
+| Auth | JWT tokens, generic API keys and bearer tokens |
+| Nigerian PII | BVN/NIN (11-digit), card PANs, Nigerian phone numbers |
+| Unknown secrets | High-entropy strings assigned to secret-like variables (`--strict`) |
+
+**Add to `package.json` for CI/CD:**
+```json
+{
+  "scripts": {
+    "scan": "anomira scan ./src --json"
+  }
+}
+```
+
+Exit code `0` = clean. Exit code `1` = violations found — use in CI to fail the build on leaked secrets.
 
 ## Environment Variables
 
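Review bot: The `npx @anomira/node-sdk scan ./src` invocations under **Run without installing** and **Options**, and the `"scan": "anomira scan ./src --json"` script recommended for CI/CD, are all shown without a version pin; an unpinned `npx` resolves and executes whichever version is newest on the registry at run time, so the job meant to fail the build on leaked secrets is itself running unreviewed code with read access to the whole source tree. Suggest showing a pinned form such as `npx @anomira/node-sdk@0.1.5 scan ./src` and pointing pipelines at the installed binary (`npx anomira scan ./src`) so the version comes from the lockfile. Two smaller documentation gaps in the same hunk: the exit-code sentence documents only `0` (clean) and `1` (violations found), so a CI consumer cannot distinguish a scanner error (unreadable path, crash) from a clean run unless a third code is documented; and the `BVN/NIN (11-digit)` and `Nigerian phone numbers` patterns will match many ordinary 11-digit numbers, so the README should say how a finding is suppressed or allowlisted before teams wire `--json` output into a build gate.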