@edcalderon/versioning 1.5.5 → 1.5.7
- package/CHANGELOG.md +16 -3
- package/README.md +2 -2
- package/dist/extensions/secrets-check/index.js +17 -3
- package/package.json +1 -1
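--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,16 +1,29 @@
-## [1.5.
-
+## [1.5.7](https://github.com/edcalderon/my-second-brain/compare/versioning-v1.5.6...versioning-v1.5.7) (2026-03-23)
 
 ### Bug Fixes
 
-* **
+* **secrets-check:** extend allowlist with regex character-class patterns to prevent false positives on example code in documentation
+
+
+
+## [1.5.6](https://github.com/edcalderon/my-second-brain/compare/versioning-v1.5.5...versioning-v1.5.6) (2026-03-23)
+
+### Features
 
+* **secrets-check:** harden extension to v1.1.1 — detect colon-syntax credential leaks (`KEY: value`) in Markdown docs with negative-lookahead allowlist for safe placeholders
 
+### Bug Fixes
 
+* **secrets-check:** add regression tests for colon-style password detection and placeholder allowlist (`[YOUR_IMAP_PASSWORD]`)
 
 
 ## [1.5.5](https://github.com/edcalderon/my-second-brain/compare/versioning-v1.5.4...versioning-v1.5.5) (2026-03-22)
 
+### Bug Fixes
+
+* **versioning:** guard against blank changelog sections in readme-maintainer ([1570811](https://github.com/edcalderon/my-second-brain/commit/1570811e4890ee4b376bb7fcae4d7ca065c2bde5))
+
+
 
 
 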
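--- a/package/README.md
+++ b/package/README.md
@@ -8,11 +8,11 @@ A comprehensive versioning and changelog management tool designed for monorepos
 
 ---
 
-## 📋 Latest Changes (v1.5.
+## 📋 Latest Changes (v1.5.7)
 
 ### Bug Fixes
 
-* **
+* **secrets-check:** extend allowlist with regex character-class patterns to prevent false positives on example code in documentation
 
 For full version history, see [CHANGELOG.md](./CHANGELOG.md) and [GitHub releases](https://github.com/edcalderon/my-second-brain/releases)
 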
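--- a/package/dist/extensions/secrets-check/index.js
+++ b/package/dist/extensions/secrets-check/index.js
@@ -56,7 +56,11 @@ const DEFAULT_PATTERNS = [
 /_KEY=0x[0-9a-fA-F]{64}/,
 /cast wallet address 0x[0-9a-fA-F]{64}/,
 // Seed phrases
-/MNEMONIC=.{20,}
+/MNEMONIC=.{20,}/,
+// Generic credential assignment patterns (covers docs and YAML-style KEY: value)
+/\b(?:IMAP|SMTP|EMAIL|MAIL)_(?:PASSWORD|PASS)\b\s*[:=]\s*["']?(?!\[?YOUR_|YOUR_|\[?REDACTED|REDACTED|<)[^\s"'`]{6,}/i,
+/\b[A-Z0-9_]*(?:PASSWORD|PASS|SECRET|TOKEN|API_KEY|PRIVATE_KEY|CLIENT_SECRET)\b\s*[:=]\s*["']?(?!\[?YOUR_|YOUR_|\[?REDACTED|REDACTED|<|example|changeme)[^\s"'`]{8,}/,
+/\b(?:imap|smtp|mail|email)\.(?:password|app_password)\b\s*[:=]\s*["']?(?!\[?your_|<)[^\s"'`]{6,}/i
 ];
 // Allowlist patterns that are safe
 const DEFAULT_ALLOWLIST = [
@@ -69,8 +73,18 @@ const DEFAULT_ALLOWLIST = [
 "YOUR_LOCAL_PRIVATE_KEY",
 "YOUR_TESTNET_PRIVATE_KEY",
 "your_private_key_here",
+"[YOUR_IMAP_PASSWORD]",
+"[YOUR_SMTP_PASSWORD]",
+"[configured in Secret Manager]",
+"Secret Manager",
+"versioning check-secrets",
+"check-secrets",
 "secretPatterns", // Regex pattern definitions in code
 "BEGIN PRIVATE KEY", // Regex string matching
+"[0-9a-f]", // Regex character class in docs/examples
+"[0-9a-fA-F]", // Hex regex character class in docs/examples
+"[a-f0-9]", // Hex regex character class in docs/examples
+"CUSTOM_API_KEY=", // Documentation example key name
 ];
 function checkContentForSecrets(content, patterns, allowlist, filename) {
 const results = [];
@@ -102,8 +116,8 @@ function checkContentForSecrets(content, patterns, allowlist, filename) {
 }
 const extension = {
 name: 'secrets-check',
-description: 'Checks for hardcoded secrets and private keys in staged files',
-version: '1.1.
+description: 'Checks for hardcoded secrets and private keys in staged files, including markdown docs',
+version: '1.1.1',
 register: async (program, config) => {
 // Try to get config from extensionConfig first, fallback to top-level secrets for backcompat
 const extensionConfig = config.extensionConfig?.['secrets-check'];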
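Review bot: Several strings added to `DEFAULT_ALLOWLIST` in the second hunk are generic enough to mask real findings: `"Secret Manager"`, `"check-secrets"`, `"CUSTOM_API_KEY="` and the hex character classes are ordinary text that can appear on the same line as a live credential. The body of `checkContentForSecrets` lies outside the hunks, so how entries are compared is not visible here; if they are matched as substrings of the line or file rather than against the matched value, any line that mentions the tool's own command name would be exempt from every pattern. I would keep only the full placeholder forms this change already adds (`"[configured in Secret Manager]"`, `"versioning check-secrets"`), drop the shorter duplicates, and add a regression test asserting that a line containing both an allowlisted string and a non-placeholder value is still reported. Separately, the second new entry in `DEFAULT_PATTERNS` has no `i` flag although its two siblings do, so lowercase key names such as `api_key:` are not covered by it; if that is deliberate to limit noise, a comment like `// case-sensitive on purpose: only SCREAMING_CASE env-style names` would record the intent.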