@octocodeai/octocode-engine 16.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (95) hide show
  1. package/README.md +558 -0
  2. package/dist/lsp/client.d.ts +28 -0
  3. package/dist/lsp/client.js +98 -0
  4. package/dist/lsp/config.d.ts +3 -0
  5. package/dist/lsp/config.js +7 -0
  6. package/dist/lsp/evidence.d.ts +4 -0
  7. package/dist/lsp/evidence.js +28 -0
  8. package/dist/lsp/index.d.ts +7 -0
  9. package/dist/lsp/index.js +6 -0
  10. package/dist/lsp/initConstants.d.ts +4 -0
  11. package/dist/lsp/initConstants.js +27 -0
  12. package/dist/lsp/lspClientPool.d.ts +27 -0
  13. package/dist/lsp/lspClientPool.js +87 -0
  14. package/dist/lsp/lspErrorCodes.d.ts +12 -0
  15. package/dist/lsp/lspErrorCodes.js +12 -0
  16. package/dist/lsp/manager.d.ts +23 -0
  17. package/dist/lsp/manager.js +94 -0
  18. package/dist/lsp/native.d.ts +35 -0
  19. package/dist/lsp/native.js +3 -0
  20. package/dist/lsp/resolver.d.ts +26 -0
  21. package/dist/lsp/resolver.js +73 -0
  22. package/dist/lsp/schemas.d.ts +9 -0
  23. package/dist/lsp/schemas.js +30 -0
  24. package/dist/lsp/types.d.ts +85 -0
  25. package/dist/lsp/types.js +1 -0
  26. package/dist/lsp/uri.d.ts +15 -0
  27. package/dist/lsp/uri.js +24 -0
  28. package/dist/lsp/validation.d.ts +6 -0
  29. package/dist/lsp/validation.js +23 -0
  30. package/dist/lsp/workspaceRoot.d.ts +2 -0
  31. package/dist/lsp/workspaceRoot.js +7 -0
  32. package/dist/security/commandUtils.d.ts +1 -0
  33. package/dist/security/commandUtils.js +7 -0
  34. package/dist/security/commandValidator.d.ts +7 -0
  35. package/dist/security/commandValidator.js +472 -0
  36. package/dist/security/contentSanitizer.d.ts +2 -0
  37. package/dist/security/contentSanitizer.js +181 -0
  38. package/dist/security/filePatterns.d.ts +1 -0
  39. package/dist/security/filePatterns.js +209 -0
  40. package/dist/security/ignoredPathFilter.d.ts +3 -0
  41. package/dist/security/ignoredPathFilter.js +72 -0
  42. package/dist/security/index.d.ts +16 -0
  43. package/dist/security/index.js +13 -0
  44. package/dist/security/mask.d.ts +1 -0
  45. package/dist/security/mask.js +49 -0
  46. package/dist/security/maskUtils.d.ts +1 -0
  47. package/dist/security/maskUtils.js +7 -0
  48. package/dist/security/native.d.ts +9 -0
  49. package/dist/security/native.js +161 -0
  50. package/dist/security/paramExtractors.d.ts +7 -0
  51. package/dist/security/paramExtractors.js +75 -0
  52. package/dist/security/pathPatterns.d.ts +1 -0
  53. package/dist/security/pathPatterns.js +26 -0
  54. package/dist/security/pathUtils.d.ts +1 -0
  55. package/dist/security/pathUtils.js +37 -0
  56. package/dist/security/pathValidator.d.ts +22 -0
  57. package/dist/security/pathValidator.js +229 -0
  58. package/dist/security/regexes/ai-providers.d.ts +2 -0
  59. package/dist/security/regexes/ai-providers.js +177 -0
  60. package/dist/security/regexes/analytics.d.ts +2 -0
  61. package/dist/security/regexes/analytics.js +50 -0
  62. package/dist/security/regexes/auth-crypto.d.ts +6 -0
  63. package/dist/security/regexes/auth-crypto.js +255 -0
  64. package/dist/security/regexes/aws.d.ts +2 -0
  65. package/dist/security/regexes/aws.js +68 -0
  66. package/dist/security/regexes/cloudProviders.d.ts +2 -0
  67. package/dist/security/regexes/cloudProviders.js +328 -0
  68. package/dist/security/regexes/communications.d.ts +4 -0
  69. package/dist/security/regexes/communications.js +260 -0
  70. package/dist/security/regexes/databases.d.ts +2 -0
  71. package/dist/security/regexes/databases.js +135 -0
  72. package/dist/security/regexes/devTools.d.ts +2 -0
  73. package/dist/security/regexes/devTools.js +236 -0
  74. package/dist/security/regexes/index.d.ts +3 -0
  75. package/dist/security/regexes/index.js +31 -0
  76. package/dist/security/regexes/monitoring.d.ts +2 -0
  77. package/dist/security/regexes/monitoring.js +92 -0
  78. package/dist/security/regexes/payments-commerce.d.ts +3 -0
  79. package/dist/security/regexes/payments-commerce.js +197 -0
  80. package/dist/security/regexes/types.d.ts +2 -0
  81. package/dist/security/regexes/types.js +1 -0
  82. package/dist/security/regexes/vcs.d.ts +2 -0
  83. package/dist/security/regexes/vcs.js +105 -0
  84. package/dist/security/registry.d.ts +48 -0
  85. package/dist/security/registry.js +156 -0
  86. package/dist/security/securityConstants.d.ts +3 -0
  87. package/dist/security/securityConstants.js +12 -0
  88. package/dist/security/types.d.ts +35 -0
  89. package/dist/security/types.js +1 -0
  90. package/dist/security/withSecurityValidation.d.ts +21 -0
  91. package/dist/security/withSecurityValidation.js +107 -0
  92. package/index.cjs +97 -0
  93. package/index.d.ts +934 -0
  94. package/index.js +652 -0
  95. package/package.json +311 -0
@@ -0,0 +1,328 @@
1
+ export const cloudProviderPatterns = [
2
+ {
3
+ name: 'googleApiKey',
4
+ description: 'Google API key (GCP, Gemini, Maps, YouTube, etc.)',
5
+ regex: /\bAIza[a-zA-Z0-9_-]{30,}\b/g,
6
+ matchAccuracy: 'high',
7
+ },
8
+ {
9
+ name: 'googleOAuth2ClientId',
10
+ description: 'Google OAuth2 client ID',
11
+ regex: /\b[0-9]+-[a-z0-9]+\.apps\.googleusercontent\.com\b/g,
12
+ matchAccuracy: 'high',
13
+ },
14
+ {
15
+ name: 'googleOAuthClientSecret',
16
+ description: 'Google OAuth client secret',
17
+ regex: /\b"client_secret":\s*"[a-zA-Z0-9-_]{24}"\b/g,
18
+ matchAccuracy: 'high',
19
+ },
20
+ {
21
+ name: 'gcpServiceAccountEmail',
22
+ description: 'GCP service account email',
23
+ regex: /\b[a-z0-9-]+@[a-z0-9-]+\.iam\.gserviceaccount\.com\b/g,
24
+ matchAccuracy: 'high',
25
+ },
26
+ {
27
+ name: 'azureStorageConnectionString',
28
+ description: 'Azure storage account connection string',
29
+ regex: /\bDefaultEndpointsProtocol=https?;AccountName=[a-z0-9]+;AccountKey=[a-zA-Z0-9+/]+={0,2};EndpointSuffix=core\.windows\.net\b/g,
30
+ matchAccuracy: 'high',
31
+ },
32
+ {
33
+ name: 'azureSubscriptionId',
34
+ description: 'Azure subscription ID',
35
+ regex: /\b['"]?(?:AZURE|azure)?_?(?:SUBSCRIPTION|subscription)_?(?:ID|id)?['"]?\s*(?::|=>|=)\s*['"]?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]?\b/gi,
36
+ matchAccuracy: 'high',
37
+ fileContext: /(?:\.env|config|settings|secrets)/i,
38
+ },
39
+ {
40
+ name: 'azureTenantDomain',
41
+ description: 'Azure tenant domain (onmicrosoft.com)',
42
+ regex: /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\.onmicrosoft\.com\b/gi,
43
+ matchAccuracy: 'medium',
44
+ fileContext: /(?:\.env|config|settings|secrets)/i,
45
+ },
46
+ {
47
+ name: 'azureCosmosDbConnectionString',
48
+ description: 'Azure Cosmos DB connection string',
49
+ regex: /\bAccountEndpoint=https:\/\/[a-z0-9-]+\.documents\.azure\.com:443\/;AccountKey=[a-zA-Z0-9+/]+={0,2}\b/g,
50
+ matchAccuracy: 'high',
51
+ },
52
+ {
53
+ name: 'azureServiceBusConnectionString',
54
+ description: 'Azure Service Bus connection string',
55
+ regex: /\bEndpoint=sb:\/\/[a-z0-9-]+\.servicebus\.windows\.net\/;SharedAccessKeyName=[a-zA-Z0-9]+;SharedAccessKey=[a-zA-Z0-9+/]+={0,2}\b/g,
56
+ matchAccuracy: 'high',
57
+ },
58
+ {
59
+ name: 'dropboxAccessToken',
60
+ description: 'Dropbox access token',
61
+ regex: /\bsl\.[a-zA-Z0-9_-]{64}\b/g,
62
+ matchAccuracy: 'high',
63
+ },
64
+ {
65
+ name: 'dropboxAppKey',
66
+ description: 'Dropbox app key',
67
+ regex: /\b[a-z0-9]{15}\.(?:app|apps)\.dropbox\.com\b/g,
68
+ matchAccuracy: 'high',
69
+ },
70
+ {
71
+ name: 'supabaseServiceKey',
72
+ description: 'Supabase personal access token',
73
+ regex: /\bsbp_[a-f0-9]{40}\b/g,
74
+ matchAccuracy: 'high',
75
+ },
76
+ {
77
+ name: 'supabaseSecretKey',
78
+ description: 'Supabase secret API key',
79
+ regex: /\bsb_secret_[a-zA-Z0-9_-]{22}_[a-fA-F0-9]{8}\b/g,
80
+ matchAccuracy: 'high',
81
+ },
82
+ {
83
+ name: 'planetScaleConnectionString',
84
+ description: 'PlanetScale connection string',
85
+ regex: /\bmysql:\/\/[a-zA-Z0-9_-]+:[a-zA-Z0-9_=-]+@[a-z0-9.-]+\.psdb\.cloud\/[a-zA-Z0-9_-]+\?sslaccept=strict\b/g,
86
+ matchAccuracy: 'high',
87
+ },
88
+ {
89
+ name: 'planetScaleToken',
90
+ description: 'PlanetScale API token',
91
+ regex: /\bpscale_tkn_[a-zA-Z0-9_-]{38,43}\b/g,
92
+ matchAccuracy: 'high',
93
+ },
94
+ {
95
+ name: 'sendgridApiKey',
96
+ description: 'SendGrid API key',
97
+ regex: /\bSG\.[A-Za-z0-9_-]{20,22}\.[A-Za-z0-9_-]{43}\b/g,
98
+ matchAccuracy: 'high',
99
+ },
100
+ {
101
+ name: 'mailgunApiKey',
102
+ description: 'Mailgun API key',
103
+ regex: /\bkey-[0-9a-z]{32}\b/g,
104
+ matchAccuracy: 'high',
105
+ },
106
+ {
107
+ name: 'mailchimpApiKey',
108
+ description: 'MailChimp API key',
109
+ regex: /\b[0-9a-f]{32}-us[0-9]{1,2}\b/g,
110
+ matchAccuracy: 'high',
111
+ },
112
+ {
113
+ name: 'telegramBotToken',
114
+ description: 'Telegram bot token',
115
+ regex: /\b[0-9]{8,10}:[A-Za-z0-9_-]{35}\b/g,
116
+ matchAccuracy: 'high',
117
+ },
118
+ {
119
+ name: 'twilioApiKey',
120
+ description: 'Twilio API key',
121
+ regex: /\bSK[a-z0-9]{32}\b/g,
122
+ matchAccuracy: 'high',
123
+ },
124
+ {
125
+ name: 'twilioAccountSid',
126
+ description: 'Twilio account SID',
127
+ regex: /\bAC[0-9a-fA-F]{32}\b/g,
128
+ matchAccuracy: 'high',
129
+ },
130
+ {
131
+ name: 'dockerHubToken',
132
+ description: 'Docker Hub personal access token',
133
+ regex: /\bdckr_pat_[a-zA-Z0-9_]{36}\b/g,
134
+ matchAccuracy: 'high',
135
+ },
136
+ {
137
+ name: 'pypiApiToken',
138
+ description: 'PyPI API token',
139
+ regex: /\bpypi-[a-zA-Z0-9_-]{84}\b/g,
140
+ matchAccuracy: 'high',
141
+ },
142
+ {
143
+ name: 'figmaToken',
144
+ description: 'Figma personal access token',
145
+ regex: /\bfigd_[a-zA-Z0-9_-]{43}\b/g,
146
+ matchAccuracy: 'high',
147
+ },
148
+ {
149
+ name: 'renderToken',
150
+ description: 'Render API token',
151
+ regex: /\brnd_[a-zA-Z0-9_-]{43}\b/g,
152
+ matchAccuracy: 'high',
153
+ },
154
+ {
155
+ name: 'airtablePersonalAccessToken',
156
+ description: 'Airtable personal access token',
157
+ regex: /\bpat[a-zA-Z0-9]{14}\.[a-zA-Z0-9]{64}\b/g,
158
+ matchAccuracy: 'high',
159
+ },
160
+ {
161
+ name: 'typeformToken',
162
+ description: 'Typeform API token',
163
+ regex: /\btfp_[a-zA-Z0-9_-]{43}\b/g,
164
+ matchAccuracy: 'high',
165
+ },
166
+ {
167
+ name: 'intercomAccessToken',
168
+ description: 'Intercom access token',
169
+ regex: /\bdG9rOi[a-zA-Z0-9+/]{46,48}={0,2}\b/g,
170
+ matchAccuracy: 'high',
171
+ },
172
+ {
173
+ name: 'digitalOceanToken',
174
+ description: 'DigitalOcean API token',
175
+ regex: /\bdop_v1_[a-f0-9]{64}\b/g,
176
+ matchAccuracy: 'high',
177
+ },
178
+ {
179
+ name: 'digitalOceanOAuthToken',
180
+ description: 'DigitalOcean OAuth access token',
181
+ regex: /\bdoo_v1_[a-f0-9]{64}\b/g,
182
+ matchAccuracy: 'high',
183
+ },
184
+ {
185
+ name: 'digitalOceanRefreshToken',
186
+ description: 'DigitalOcean OAuth refresh token',
187
+ regex: /\bdor_v1_[a-f0-9]{64}\b/g,
188
+ matchAccuracy: 'high',
189
+ },
190
+ {
191
+ name: 'cloudflareApiKey',
192
+ description: 'Cloudflare API key',
193
+ regex: /\b['"]?(?:cloudflare)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9_-]{40}['"]?\b/gi,
194
+ matchAccuracy: 'medium',
195
+ },
196
+ {
197
+ name: 'cloudflareGlobalApiKey',
198
+ description: 'Cloudflare Global API key',
199
+ regex: /\b['"]?(?:cloudflare)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{37}['"]?\b/gi,
200
+ matchAccuracy: 'medium',
201
+ },
202
+ {
203
+ name: 'cloudflareOriginCaKey',
204
+ description: 'Cloudflare Origin CA key',
205
+ regex: /\bv1\.0-[a-f0-9]{24}-[a-f0-9]{146}\b/g,
206
+ matchAccuracy: 'high',
207
+ },
208
+ {
209
+ name: 'flyioAccessToken',
210
+ description: 'Fly.io API access token',
211
+ regex: /\bfo1_[\w-]{43}\b/g,
212
+ matchAccuracy: 'high',
213
+ },
214
+ {
215
+ name: 'flyioMachineToken',
216
+ description: 'Fly.io machine token',
217
+ regex: /\bfm[12][ar]?_[a-zA-Z0-9+/]{100,}={0,3}\b/g,
218
+ matchAccuracy: 'high',
219
+ },
220
+ {
221
+ name: 'dopplerApiToken',
222
+ description: 'Doppler API token',
223
+ regex: /\bdp\.pt\.[a-z0-9]{43}\b/gi,
224
+ matchAccuracy: 'high',
225
+ },
226
+ {
227
+ name: 'dynatraceApiToken',
228
+ description: 'Dynatrace API token',
229
+ regex: /\bdt0c01\.[a-z0-9]{24}\.[a-z0-9]{64}\b/gi,
230
+ matchAccuracy: 'high',
231
+ },
232
+ {
233
+ name: 'netlifyAccessToken',
234
+ description: 'Netlify access token',
235
+ regex: /\b['"]?(?:netlify)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9=_-]{40,46}['"]?\b/gi,
236
+ matchAccuracy: 'medium',
237
+ },
238
+ {
239
+ name: 'scalingoApiToken',
240
+ description: 'Scalingo API token',
241
+ regex: /\btk-us-[\w-]{48}\b/g,
242
+ matchAccuracy: 'high',
243
+ },
244
+ {
245
+ name: 'infracostApiToken',
246
+ description: 'Infracost API token',
247
+ regex: /\bico-[a-zA-Z0-9]{32}\b/g,
248
+ matchAccuracy: 'high',
249
+ },
250
+ {
251
+ name: 'harnessApiKey',
252
+ description: 'Harness Access Token (PAT or SAT)',
253
+ regex: /\b(?:pat|sat)\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}\b/g,
254
+ matchAccuracy: 'high',
255
+ },
256
+ {
257
+ name: 'azureAdClientSecret',
258
+ description: 'Azure AD client secret',
259
+ regex: /(?:^|[\\'"` \s>=:(,)])([a-zA-Z0-9_~.]{3}\dQ~[a-zA-Z0-9_~.-]{31,34})(?:$|[\\'"` \s<),])/g,
260
+ matchAccuracy: 'high',
261
+ },
262
+ {
263
+ name: 'herokuApiKeyV2',
264
+ description: 'Heroku API key (new format)',
265
+ regex: /\bHRKU-AA[0-9a-zA-Z_-]{58}\b/g,
266
+ matchAccuracy: 'high',
267
+ },
268
+ {
269
+ name: 'microsoftTeamsWebhook',
270
+ description: 'Microsoft Teams incoming webhook URL',
271
+ regex: /https:\/\/[a-z0-9]+\.webhook\.office\.com\/webhookb2\/[a-z0-9]{8}-(?:[a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-(?:[a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-(?:[a-z0-9]{4}-){3}[a-z0-9]{12}/gi,
272
+ matchAccuracy: 'high',
273
+ },
274
+ {
275
+ name: 'oktaAccessToken',
276
+ description: 'Okta access token',
277
+ regex: /\b['"]?(?:okta)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?00[\w=-]{40}['"]?\b/gi,
278
+ matchAccuracy: 'high',
279
+ },
280
+ {
281
+ name: 'openshiftUserToken',
282
+ description: 'OpenShift user token',
283
+ regex: /\bsha256~[\w-]{43}\b/g,
284
+ matchAccuracy: 'high',
285
+ },
286
+ {
287
+ name: 'denoDeployToken',
288
+ description: 'Deno Deploy access token',
289
+ regex: /\bddp_[a-zA-Z0-9]{40}\b/g,
290
+ matchAccuracy: 'high',
291
+ },
292
+ {
293
+ name: 'resendApiKey',
294
+ description: 'Resend email API key',
295
+ regex: /\bre_[a-zA-Z0-9]{30,}\b/g,
296
+ matchAccuracy: 'high',
297
+ },
298
+ {
299
+ name: 'azureOpenaiApiKey',
300
+ description: 'Azure OpenAI API key',
301
+ regex: /\b['"]?(?:AZURE_OPENAI|azure_openai)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{32}['"]?\b/gi,
302
+ matchAccuracy: 'high',
303
+ },
304
+ {
305
+ name: 'railwayApiToken',
306
+ description: 'Railway API token',
307
+ regex: /\b['"]?(?:RAILWAY|railway)_?(?:API|api)?_?(?:TOKEN|token)['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}['"]?\b/gi,
308
+ matchAccuracy: 'high',
309
+ },
310
+ {
311
+ name: 'convexDeployKey',
312
+ description: 'Convex deployment key',
313
+ regex: /\b(?:prod|dev):[a-zA-Z0-9_-]+:[a-zA-Z0-9_-]{40,}\b/g,
314
+ matchAccuracy: 'medium',
315
+ },
316
+ {
317
+ name: 'upstashKafkaCredentials',
318
+ description: 'Upstash Kafka REST credentials',
319
+ regex: /\b['"]?(?:UPSTASH_KAFKA)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9=_-]{40,}['"]?\b/gi,
320
+ matchAccuracy: 'medium',
321
+ },
322
+ {
323
+ name: 'cloudflareApiTokenPrefixed',
324
+ description: 'Cloudflare scannable API credential',
325
+ regex: /\bcf(?:k|ut|at)_[a-zA-Z0-9]{40}[a-fA-F0-9]{8}\b/g,
326
+ matchAccuracy: 'high',
327
+ },
328
+ ];
@@ -0,0 +1,4 @@
1
+ import type { SensitiveDataPattern } from './types.js';
2
+ export declare const slackPatterns: SensitiveDataPattern[];
3
+ export declare const socialMediaPatterns: SensitiveDataPattern[];
4
+ export declare const shippingLogisticsPatterns: SensitiveDataPattern[];
@@ -0,0 +1,260 @@
1
+ export const slackPatterns = [
2
+ {
3
+ name: 'slackBotToken',
4
+ description: 'Slack bot token',
5
+ regex: /\bxoxb-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*\b/g,
6
+ matchAccuracy: 'high',
7
+ },
8
+ {
9
+ name: 'slackUserToken',
10
+ description: 'Slack user token',
11
+ regex: /\bxoxp-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*\b/g,
12
+ matchAccuracy: 'high',
13
+ },
14
+ {
15
+ name: 'slackWorkspaceToken',
16
+ description: 'Slack workspace token',
17
+ regex: /\bxoxa-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*\b/g,
18
+ matchAccuracy: 'high',
19
+ },
20
+ {
21
+ name: 'slackRefreshToken',
22
+ description: 'Slack refresh token',
23
+ regex: /\bxoxr-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*\b/g,
24
+ matchAccuracy: 'high',
25
+ },
26
+ {
27
+ name: 'slackWebhookUrl',
28
+ description: 'Slack incoming webhook URL',
29
+ regex: /(?:https?:\/\/)?hooks\.slack\.com\/(?:services|workflows|triggers)\/[A-Za-z0-9+/]{43,56}/gi,
30
+ matchAccuracy: 'high',
31
+ },
32
+ {
33
+ name: 'slackWebhookUrlClassic',
34
+ description: 'Slack classic incoming webhook URL',
35
+ regex: /\bhttps:\/\/hooks\.slack\.com\/services\/[A-Z0-9]{8,12}\/[A-Z0-9]{8,12}\/[A-Za-z0-9]{20,32}\b/g,
36
+ matchAccuracy: 'high',
37
+ fileContext: /(?:\.env|config|settings|secrets)/i,
38
+ },
39
+ {
40
+ name: 'slackAppToken',
41
+ description: 'Slack app-level token',
42
+ regex: /\bxapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+\b/gi,
43
+ matchAccuracy: 'high',
44
+ },
45
+ {
46
+ name: 'slackConfigAccessToken',
47
+ description: 'Slack configuration access token',
48
+ regex: /\bxoxe\.xox[bp]-\d-[A-Z0-9]{163,166}\b/gi,
49
+ matchAccuracy: 'high',
50
+ },
51
+ {
52
+ name: 'sendbirdAccessToken',
53
+ description: 'Sendbird access token',
54
+ regex: /\b['"]?(?:sendbird)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{40}['"]?\b/gi,
55
+ matchAccuracy: 'medium',
56
+ },
57
+ {
58
+ name: 'messagebirdApiToken',
59
+ description: 'MessageBird API token',
60
+ regex: /\b['"]?(?:messagebird|message_bird|message-bird)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{25}['"]?\b/gi,
61
+ matchAccuracy: 'medium',
62
+ },
63
+ {
64
+ name: 'mattermostAccessToken',
65
+ description: 'Mattermost access token',
66
+ regex: /\b['"]?(?:mattermost)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{26}['"]?\b/gi,
67
+ matchAccuracy: 'medium',
68
+ },
69
+ {
70
+ name: 'zendeskSecretKey',
71
+ description: 'Zendesk secret key',
72
+ regex: /\b['"]?(?:zendesk)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{40}['"]?\b/gi,
73
+ matchAccuracy: 'medium',
74
+ },
75
+ {
76
+ name: 'freshdeskApiKey',
77
+ description: 'Freshdesk API key',
78
+ regex: /\b['"]?(?:freshdesk)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{20}['"]?\b/gi,
79
+ matchAccuracy: 'medium',
80
+ },
81
+ {
82
+ name: 'sendinblueApiToken',
83
+ description: 'Sendinblue (Brevo) API token',
84
+ regex: /\bxkeysib-[a-f0-9]{64}-[a-z0-9]{16}\b/g,
85
+ matchAccuracy: 'high',
86
+ },
87
+ {
88
+ name: 'pusherAppSecret',
89
+ description: 'Pusher app secret',
90
+ regex: /\b['"]?(?:PUSHER|pusher)_?(?:APP|app)?_?(?:SECRET|secret)['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{20}['"]?\b/gi,
91
+ matchAccuracy: 'medium',
92
+ },
93
+ {
94
+ name: 'streamApiSecret',
95
+ description: 'Stream (GetStream.io) API secret',
96
+ regex: /\b['"]?(?:STREAM|stream|GETSTREAM)_?(?:API|api)?_?(?:SECRET|secret|KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{40,}['"]?\b/gi,
97
+ matchAccuracy: 'medium',
98
+ },
99
+ {
100
+ name: 'postmarkServerToken',
101
+ description: 'Postmark server API token',
102
+ regex: /\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b/g,
103
+ matchAccuracy: 'medium',
104
+ fileContext: /postmark/i,
105
+ },
106
+ {
107
+ name: 'vonageApiSecret',
108
+ description: 'Vonage/Nexmo API secret',
109
+ regex: /\b['"]?(?:VONAGE|NEXMO|vonage|nexmo)_?(?:API|api)?_?(?:SECRET|secret)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{16}['"]?\b/gi,
110
+ matchAccuracy: 'medium',
111
+ },
112
+ {
113
+ name: 'customerIoApiKey',
114
+ description: 'Customer.io API key',
115
+ regex: /\b['"]?(?:CUSTOMERIO|customer_io|CUSTOMER_IO)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{32,}['"]?\b/gi,
116
+ matchAccuracy: 'medium',
117
+ },
118
+ ];
119
+ export const socialMediaPatterns = [
120
+ {
121
+ name: 'twitterBearerToken',
122
+ description: 'Twitter/X Bearer token',
123
+ regex: /\bAAAAAAAAAAAAAAAAAAAAA[a-zA-Z0-9%]{50,}\b/g,
124
+ matchAccuracy: 'high',
125
+ },
126
+ {
127
+ name: 'facebookAccessToken',
128
+ description: 'Facebook/Meta access token',
129
+ regex: /\bEAA[a-zA-Z0-9]{80,120}\b/g,
130
+ matchAccuracy: 'high',
131
+ },
132
+ {
133
+ name: 'facebookPageAccessToken',
134
+ description: 'Facebook/Meta page access token',
135
+ regex: /\bEAAB[a-zA-Z0-9+/]{100,}\b/g,
136
+ matchAccuracy: 'high',
137
+ },
138
+ {
139
+ name: 'instagramAccessToken',
140
+ description: 'Instagram access token',
141
+ regex: /\bIGQV[a-zA-Z0-9_-]{100,}\b/g,
142
+ matchAccuracy: 'high',
143
+ },
144
+ {
145
+ name: 'discordSocialBotToken',
146
+ description: 'Discord social bot token',
147
+ regex: /\b[MN][A-Za-z\d]{23}\.[A-Za-z\d-_]{6}\.[A-Za-z\d-_]{27}\b/g,
148
+ matchAccuracy: 'high',
149
+ },
150
+ {
151
+ name: 'discordSocialWebhookUrl',
152
+ description: 'Discord social webhook URL',
153
+ regex: /\bhttps:\/\/discord(?:app)?\.com\/api\/webhooks\/[0-9]{17,19}\/[A-Za-z0-9_-]{68}\b/g,
154
+ matchAccuracy: 'high',
155
+ },
156
+ {
157
+ name: 'pinterestAccessToken',
158
+ description: 'Pinterest access token',
159
+ regex: /\bpina_[a-zA-Z0-9]{32}\b/g,
160
+ matchAccuracy: 'high',
161
+ },
162
+ {
163
+ name: 'linkedinApiToken',
164
+ description: 'LinkedIn API token',
165
+ regex: /\b['"]?(?:linkedin|linked_in|linked-in)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{14,16}['"]?\b/gi,
166
+ matchAccuracy: 'medium',
167
+ },
168
+ {
169
+ name: 'youtubeApiKey',
170
+ description: 'YouTube Data API key',
171
+ regex: /\b['"]?(?:youtube)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?AIza[a-zA-Z0-9_-]{35}['"]?\b/gi,
172
+ matchAccuracy: 'high',
173
+ },
174
+ {
175
+ name: 'tiktokApiToken',
176
+ description: 'TikTok API token',
177
+ regex: /\b['"]?(?:tiktok)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9_-]{40,}['"]?\b/gi,
178
+ matchAccuracy: 'medium',
179
+ },
180
+ ];
181
+ export const shippingLogisticsPatterns = [
182
+ {
183
+ name: 'shippoApiToken',
184
+ description: 'Shippo API token',
185
+ regex: /\bshippo_(?:live|test)_[a-fA-F0-9]{40}\b/g,
186
+ matchAccuracy: 'high',
187
+ },
188
+ {
189
+ name: 'easypostApiToken',
190
+ description: 'EasyPost API token',
191
+ regex: /\bEZAK[a-z0-9]{54}\b/gi,
192
+ matchAccuracy: 'high',
193
+ },
194
+ {
195
+ name: 'easypostTestApiToken',
196
+ description: 'EasyPost test API token',
197
+ regex: /\bEZTK[a-z0-9]{54}\b/gi,
198
+ matchAccuracy: 'high',
199
+ },
200
+ {
201
+ name: 'duffelApiToken',
202
+ description: 'Duffel travel API token',
203
+ regex: /\bduffel_(?:test|live)_[a-z0-9_\-=]{43}\b/gi,
204
+ matchAccuracy: 'high',
205
+ },
206
+ {
207
+ name: 'frameioApiToken',
208
+ description: 'Frame.io API token',
209
+ regex: /\bfio-u-[a-z0-9\-_=]{64}\b/gi,
210
+ matchAccuracy: 'high',
211
+ },
212
+ {
213
+ name: 'maxmindLicenseKey',
214
+ description: 'MaxMind license key',
215
+ regex: /\b[A-Za-z0-9]{6}_[A-Za-z0-9]{29}_mmk\b/g,
216
+ matchAccuracy: 'high',
217
+ },
218
+ {
219
+ name: 'asanaPersonalAccessToken',
220
+ description: 'Asana personal access token',
221
+ regex: /\b['"]?(?:asana)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[0-9]{16}['"]?\b/gi,
222
+ matchAccuracy: 'medium',
223
+ },
224
+ {
225
+ name: 'mondayApiToken',
226
+ description: 'Monday.com API token',
227
+ regex: /\b['"]?(?:monday)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?eyJ[a-zA-Z0-9_-]{100,}['"]?\b/gi,
228
+ matchAccuracy: 'medium',
229
+ },
230
+ {
231
+ name: 'trelloApiKey',
232
+ description: 'Trello API key',
233
+ regex: /\b['"]?(?:trello)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{32}['"]?\b/gi,
234
+ matchAccuracy: 'medium',
235
+ },
236
+ {
237
+ name: 'jiraApiToken',
238
+ description: 'Jira API token',
239
+ regex: /\b['"]?(?:jira)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{24}['"]?\b/gi,
240
+ matchAccuracy: 'medium',
241
+ },
242
+ {
243
+ name: 'settlemintApplicationAccessToken',
244
+ description: 'SettleMint application access token',
245
+ regex: /\bsm_aat_[a-zA-Z0-9]{16}\b/g,
246
+ matchAccuracy: 'high',
247
+ },
248
+ {
249
+ name: 'settlemintPersonalAccessToken',
250
+ description: 'SettleMint personal access token',
251
+ regex: /\bsm_pat_[a-zA-Z0-9]{16}\b/g,
252
+ matchAccuracy: 'high',
253
+ },
254
+ {
255
+ name: 'settlemintServiceAccessToken',
256
+ description: 'SettleMint service access token',
257
+ regex: /\bsm_sat_[a-zA-Z0-9]{16}\b/g,
258
+ matchAccuracy: 'high',
259
+ },
260
+ ];
@@ -0,0 +1,2 @@
1
+ import type { SensitiveDataPattern } from './types.js';
2
+ export declare const databasePatterns: SensitiveDataPattern[];