@octocodeai/octocode-engine 16.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (95) hide show
  1. package/README.md +558 -0
  2. package/dist/lsp/client.d.ts +28 -0
  3. package/dist/lsp/client.js +98 -0
  4. package/dist/lsp/config.d.ts +3 -0
  5. package/dist/lsp/config.js +7 -0
  6. package/dist/lsp/evidence.d.ts +4 -0
  7. package/dist/lsp/evidence.js +28 -0
  8. package/dist/lsp/index.d.ts +7 -0
  9. package/dist/lsp/index.js +6 -0
  10. package/dist/lsp/initConstants.d.ts +4 -0
  11. package/dist/lsp/initConstants.js +27 -0
  12. package/dist/lsp/lspClientPool.d.ts +27 -0
  13. package/dist/lsp/lspClientPool.js +87 -0
  14. package/dist/lsp/lspErrorCodes.d.ts +12 -0
  15. package/dist/lsp/lspErrorCodes.js +12 -0
  16. package/dist/lsp/manager.d.ts +23 -0
  17. package/dist/lsp/manager.js +94 -0
  18. package/dist/lsp/native.d.ts +35 -0
  19. package/dist/lsp/native.js +3 -0
  20. package/dist/lsp/resolver.d.ts +26 -0
  21. package/dist/lsp/resolver.js +73 -0
  22. package/dist/lsp/schemas.d.ts +9 -0
  23. package/dist/lsp/schemas.js +30 -0
  24. package/dist/lsp/types.d.ts +85 -0
  25. package/dist/lsp/types.js +1 -0
  26. package/dist/lsp/uri.d.ts +15 -0
  27. package/dist/lsp/uri.js +24 -0
  28. package/dist/lsp/validation.d.ts +6 -0
  29. package/dist/lsp/validation.js +23 -0
  30. package/dist/lsp/workspaceRoot.d.ts +2 -0
  31. package/dist/lsp/workspaceRoot.js +7 -0
  32. package/dist/security/commandUtils.d.ts +1 -0
  33. package/dist/security/commandUtils.js +7 -0
  34. package/dist/security/commandValidator.d.ts +7 -0
  35. package/dist/security/commandValidator.js +472 -0
  36. package/dist/security/contentSanitizer.d.ts +2 -0
  37. package/dist/security/contentSanitizer.js +181 -0
  38. package/dist/security/filePatterns.d.ts +1 -0
  39. package/dist/security/filePatterns.js +209 -0
  40. package/dist/security/ignoredPathFilter.d.ts +3 -0
  41. package/dist/security/ignoredPathFilter.js +72 -0
  42. package/dist/security/index.d.ts +16 -0
  43. package/dist/security/index.js +13 -0
  44. package/dist/security/mask.d.ts +1 -0
  45. package/dist/security/mask.js +49 -0
  46. package/dist/security/maskUtils.d.ts +1 -0
  47. package/dist/security/maskUtils.js +7 -0
  48. package/dist/security/native.d.ts +9 -0
  49. package/dist/security/native.js +161 -0
  50. package/dist/security/paramExtractors.d.ts +7 -0
  51. package/dist/security/paramExtractors.js +75 -0
  52. package/dist/security/pathPatterns.d.ts +1 -0
  53. package/dist/security/pathPatterns.js +26 -0
  54. package/dist/security/pathUtils.d.ts +1 -0
  55. package/dist/security/pathUtils.js +37 -0
  56. package/dist/security/pathValidator.d.ts +22 -0
  57. package/dist/security/pathValidator.js +229 -0
  58. package/dist/security/regexes/ai-providers.d.ts +2 -0
  59. package/dist/security/regexes/ai-providers.js +177 -0
  60. package/dist/security/regexes/analytics.d.ts +2 -0
  61. package/dist/security/regexes/analytics.js +50 -0
  62. package/dist/security/regexes/auth-crypto.d.ts +6 -0
  63. package/dist/security/regexes/auth-crypto.js +255 -0
  64. package/dist/security/regexes/aws.d.ts +2 -0
  65. package/dist/security/regexes/aws.js +68 -0
  66. package/dist/security/regexes/cloudProviders.d.ts +2 -0
  67. package/dist/security/regexes/cloudProviders.js +328 -0
  68. package/dist/security/regexes/communications.d.ts +4 -0
  69. package/dist/security/regexes/communications.js +260 -0
  70. package/dist/security/regexes/databases.d.ts +2 -0
  71. package/dist/security/regexes/databases.js +135 -0
  72. package/dist/security/regexes/devTools.d.ts +2 -0
  73. package/dist/security/regexes/devTools.js +236 -0
  74. package/dist/security/regexes/index.d.ts +3 -0
  75. package/dist/security/regexes/index.js +31 -0
  76. package/dist/security/regexes/monitoring.d.ts +2 -0
  77. package/dist/security/regexes/monitoring.js +92 -0
  78. package/dist/security/regexes/payments-commerce.d.ts +3 -0
  79. package/dist/security/regexes/payments-commerce.js +197 -0
  80. package/dist/security/regexes/types.d.ts +2 -0
  81. package/dist/security/regexes/types.js +1 -0
  82. package/dist/security/regexes/vcs.d.ts +2 -0
  83. package/dist/security/regexes/vcs.js +105 -0
  84. package/dist/security/registry.d.ts +48 -0
  85. package/dist/security/registry.js +156 -0
  86. package/dist/security/securityConstants.d.ts +3 -0
  87. package/dist/security/securityConstants.js +12 -0
  88. package/dist/security/types.d.ts +35 -0
  89. package/dist/security/types.js +1 -0
  90. package/dist/security/withSecurityValidation.d.ts +21 -0
  91. package/dist/security/withSecurityValidation.js +107 -0
  92. package/index.cjs +97 -0
  93. package/index.d.ts +934 -0
  94. package/index.js +652 -0
  95. package/package.json +311 -0
@@ -0,0 +1,135 @@
1
+ export const databasePatterns = [
2
+ {
3
+ name: 'postgresqlConnectionString',
4
+ description: 'PostgreSQL connection string with credentials',
5
+ regex: /\bpostgresql:\/\/[^:]+:[^@]+@[^/\s]+\/[^?\s]+\b/gi,
6
+ matchAccuracy: 'high',
7
+ },
8
+ {
9
+ name: 'mysqlConnectionString',
10
+ description: 'MySQL connection string with credentials',
11
+ regex: /\bmysql:\/\/[^:]+:[^@]+@[^/\s]+\/[^?\s]+\b/gi,
12
+ matchAccuracy: 'high',
13
+ },
14
+ {
15
+ name: 'jdbcConnectionStringWithCredentials',
16
+ description: 'JDBC connection string with embedded credentials',
17
+ regex: /\bjdbc:(?:postgresql|mysql):\/\/[^:]+:[^@]+@[^/\s]+\b/gi,
18
+ matchAccuracy: 'medium',
19
+ fileContext: /(?:\.env|config|settings|secrets)/i,
20
+ },
21
+ {
22
+ name: 'mongodbConnectionString',
23
+ description: 'MongoDB connection string with credentials (incl. mongodb+srv://)',
24
+ regex: /\bmongodb(?:\+srv)?:\/\/[a-zA-Z0-9._%-]+:[a-zA-Z0-9._%-]+@[a-zA-Z0-9._-]+(?::[0-9]+)?(?:\/[a-zA-Z0-9._-]*)?\b/g,
25
+ matchAccuracy: 'high',
26
+ },
27
+ {
28
+ name: 'redisConnectionString',
29
+ description: 'Redis connection string with credentials (incl. rediss:// TLS)',
30
+ regex: /\brediss?:\/\/[a-zA-Z0-9._%-]+:[a-zA-Z0-9._%-]+@[a-zA-Z0-9._-]+:[0-9]+\b/g,
31
+ matchAccuracy: 'high',
32
+ },
33
+ {
34
+ name: 'redisAuthPassword',
35
+ description: 'Redis AUTH password command',
36
+ regex: /^[ \t]*(?:(?:redis-cli(?:[ \t]+|>)|[a-zA-Z0-9_.-]+:\d+>[ \t]*))?AUTH[ \t]+(?:[a-zA-Z0-9_.@-]+[ \t]+)?[a-zA-Z0-9_-]{8,}\b/gm,
37
+ matchAccuracy: 'medium',
38
+ },
39
+ {
40
+ name: 'elasticsearchCredentials',
41
+ description: 'Elasticsearch credentials in URL',
42
+ regex: /\bhttps?:\/\/[^:]+:[^@]+@[^/\s]+:9200\b/gi,
43
+ matchAccuracy: 'high',
44
+ },
45
+ {
46
+ name: 'couchdbCredentials',
47
+ description: 'CouchDB credentials in URL',
48
+ regex: /\bhttp[s]?:\/\/[^:]+:[^@]+@[^/\s]+:5984\b/gi,
49
+ matchAccuracy: 'high',
50
+ },
51
+ {
52
+ name: 'neo4jCredentials',
53
+ description: 'Neo4j database credentials in URL',
54
+ regex: /\bbolt[s]?:\/\/[^:]+:[^@]+@[^/\s]+:7687\b/gi,
55
+ matchAccuracy: 'high',
56
+ },
57
+ {
58
+ name: 'timescaledbConnectionString',
59
+ description: 'TimescaleDB connection string with credentials',
60
+ regex: /\btimescaledb:\/\/[^:]+:[^@]+@[^/\s]+\/[^?\s]+\b/gi,
61
+ matchAccuracy: 'high',
62
+ },
63
+ {
64
+ name: 'clickhouseCredentials',
65
+ description: 'ClickHouse connection string with credentials',
66
+ regex: /\bclickhouse:\/\/[^:]+:[^@]+@[^/\s]+:8123\b/gi,
67
+ matchAccuracy: 'high',
68
+ },
69
+ {
70
+ name: 'cassandraConnectionString',
71
+ description: 'Cassandra connection string with credentials',
72
+ regex: /\bcassandra:\/\/[^:]+:[^@]+@[^/\s]+:9042\b/gi,
73
+ matchAccuracy: 'high',
74
+ },
75
+ {
76
+ name: 'faunadbKey',
77
+ description: 'FaunaDB secret key',
78
+ regex: /\bfn[a-zA-Z0-9]{40}\b/g,
79
+ matchAccuracy: 'high',
80
+ },
81
+ {
82
+ name: 'databricksApiToken',
83
+ description: 'Databricks API token',
84
+ regex: /\bdapi[a-f0-9]{32}(?:-\d)?\b/g,
85
+ matchAccuracy: 'high',
86
+ },
87
+ {
88
+ name: 'pineconeApiKey',
89
+ description: 'Pinecone API key',
90
+ regex: /\bpinecone[\s\w]*(?:api|key|env)[\s:=]*["']?[a-zA-Z0-9_-]{32}["']?\b/gi,
91
+ matchAccuracy: 'medium',
92
+ },
93
+ {
94
+ name: 'databaseUrlWithCredentials',
95
+ description: 'Generic database URL with embedded credentials',
96
+ regex: /\b(?:postgres|mysql|mongodb|redis):\/\/[^:]+:[^@]+@[^/\s]+\b/gi,
97
+ matchAccuracy: 'medium',
98
+ },
99
+ {
100
+ name: 'clickhouseCloudApiKey',
101
+ description: 'ClickHouse Cloud API secret key',
102
+ regex: /\b4b1d[A-Za-z0-9]{38}\b/g,
103
+ matchAccuracy: 'high',
104
+ },
105
+ {
106
+ name: 'neonDatabaseConnectionString',
107
+ description: 'Neon database connection string',
108
+ regex: /\bpostgres:\/\/[^:]+:[^@]+@[^/\s]*neon\.tech[^?\s]*\b/gi,
109
+ matchAccuracy: 'high',
110
+ },
111
+ {
112
+ name: 'tursoDatabaseToken',
113
+ description: 'Turso database auth token',
114
+ regex: /\b['"]?(?:turso|libsql)(?:[\s\w.-]{0,20})(?:token|auth)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9._-]{50,}['"]?\b/gi,
115
+ matchAccuracy: 'medium',
116
+ },
117
+ {
118
+ name: 'upstashRedisToken',
119
+ description: 'Upstash Redis REST token',
120
+ regex: /\b['"]?(?:upstash)(?:[\s\w.-]{0,20})(?:token|key)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9=]{40,}['"]?\b/gi,
121
+ matchAccuracy: 'medium',
122
+ },
123
+ {
124
+ name: 'supabaseJwtKey',
125
+ description: 'Supabase anon or service_role key (JWT format)',
126
+ regex: /\b['"]?(?:SUPABASE|supabase)_?(?:ANON|SERVICE_ROLE|anon|service_role)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?(eyJ[a-zA-Z0-9_-]{100,})['"]?\b/g,
127
+ matchAccuracy: 'high',
128
+ },
129
+ {
130
+ name: 'cockroachdbConnectionString',
131
+ description: 'CockroachDB connection string with credentials',
132
+ regex: /\bpostgresql:\/\/[^:]+:[^@]+@[^/\s]*cockroachlabs\.cloud[^?\s]*\b/gi,
133
+ matchAccuracy: 'high',
134
+ },
135
+ ];
@@ -0,0 +1,2 @@
1
+ import type { SensitiveDataPattern } from './types.js';
2
+ export declare const developerToolsPatterns: SensitiveDataPattern[];
@@ -0,0 +1,236 @@
1
+ export const developerToolsPatterns = [
2
+ {
3
+ name: 'npmAccessToken',
4
+ description: 'NPM access token',
5
+ regex: /\bnpm_[a-zA-Z0-9]{36}\b/g,
6
+ matchAccuracy: 'high',
7
+ },
8
+ {
9
+ name: 'nugetApiKey',
10
+ description: 'NuGet API key',
11
+ regex: /\boy2[a-z0-9]{43}\b/g,
12
+ matchAccuracy: 'high',
13
+ },
14
+ {
15
+ name: 'artifactoryApiKey',
16
+ description: 'JFrog Artifactory API key',
17
+ regex: /\bAKCp[A-Za-z0-9]{69}\b/g,
18
+ matchAccuracy: 'high',
19
+ },
20
+ {
21
+ name: 'herokuApiKey',
22
+ description: 'Heroku API key',
23
+ regex: /\bheroku.*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\b/gi,
24
+ matchAccuracy: 'high',
25
+ },
26
+ {
27
+ name: 'terraformCloudToken',
28
+ description: 'Terraform Cloud API token',
29
+ regex: /\b[a-zA-Z0-9]{14}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9]{16}\b/g,
30
+ matchAccuracy: 'high',
31
+ },
32
+ {
33
+ name: 'pulumiAccessToken',
34
+ description: 'Pulumi access token',
35
+ regex: /\bpul-[a-f0-9]{40}\b/g,
36
+ matchAccuracy: 'high',
37
+ },
38
+ {
39
+ name: 'atlassianApiToken',
40
+ description: 'Atlassian API token (Jira/Confluence)',
41
+ regex: /\bATATT3[A-Za-z0-9_\-=]{186}\b/g,
42
+ matchAccuracy: 'high',
43
+ },
44
+ {
45
+ name: 'sourcegraphApiKey',
46
+ description: 'Sourcegraph API key',
47
+ regex: /\bsgp_[a-zA-Z0-9]{32}\b/g,
48
+ matchAccuracy: 'high',
49
+ },
50
+ {
51
+ name: 'linearApiKey',
52
+ description: 'Linear API key',
53
+ regex: /\blin_api_[0-9A-Za-z]{40}\b/g,
54
+ matchAccuracy: 'high',
55
+ },
56
+ {
57
+ name: 'notionIntegrationToken',
58
+ description: 'Notion integration token (new ntn_ format, post Sept 2024)',
59
+ regex: /\bntn_[a-zA-Z0-9_-]{43}\b/g,
60
+ matchAccuracy: 'high',
61
+ },
62
+ {
63
+ name: 'notionIntegrationTokenLegacy',
64
+ description: 'Notion integration token (legacy secret_ format, pre Sept 2024)',
65
+ regex: /\bsecret_[a-zA-Z0-9]{43}\b/g,
66
+ matchAccuracy: 'high',
67
+ },
68
+ {
69
+ name: 'stackhawkApiKey',
70
+ description: 'StackHawk API key',
71
+ regex: /\bhawk\.[0-9A-Za-z\-_]{20}\.[0-9A-Za-z\-_]{20}\b/g,
72
+ matchAccuracy: 'high',
73
+ },
74
+ {
75
+ name: 'sentryAuthToken',
76
+ description: 'Sentry authentication token',
77
+ regex: /\bsentry[\s\w]*(?:auth|token)[\s:=]*["']?[a-f0-9]{64}["']?\b/gi,
78
+ matchAccuracy: 'medium',
79
+ },
80
+ {
81
+ name: 'bugsnagApiKey',
82
+ description: 'Bugsnag API key',
83
+ regex: /\bbugsnag[\s\w]*(?:api|key)[\s:=]*["']?[a-f0-9]{32}["']?\b/gi,
84
+ matchAccuracy: 'medium',
85
+ },
86
+ {
87
+ name: 'rollbarAccessToken',
88
+ description: 'Rollbar access token',
89
+ regex: /\brollbar[\s\w]*(?:access|token)[\s:=]*["']?[a-f0-9]{32}["']?\b/gi,
90
+ matchAccuracy: 'medium',
91
+ },
92
+ {
93
+ name: 'postmanApiToken',
94
+ description: 'Postman API token',
95
+ regex: /\bPMAK-[a-f0-9]{24}-[a-f0-9]{34}\b/gi,
96
+ matchAccuracy: 'high',
97
+ },
98
+ {
99
+ name: 'prefectApiToken',
100
+ description: 'Prefect API token',
101
+ regex: /\bpnu_[a-zA-Z0-9]{36}\b/g,
102
+ matchAccuracy: 'high',
103
+ },
104
+ {
105
+ name: 'readmeApiToken',
106
+ description: 'Readme API token',
107
+ regex: /\brdme_[a-z0-9]{70}\b/g,
108
+ matchAccuracy: 'high',
109
+ },
110
+ {
111
+ name: 'rubygemsApiToken',
112
+ description: 'RubyGems API token',
113
+ regex: /\brubygems_[a-f0-9]{48}\b/g,
114
+ matchAccuracy: 'high',
115
+ },
116
+ {
117
+ name: 'clojarsApiToken',
118
+ description: 'Clojars API token',
119
+ regex: /\bCLOJARS_[a-z0-9]{60}\b/gi,
120
+ matchAccuracy: 'high',
121
+ },
122
+ {
123
+ name: 'snykApiToken',
124
+ description: 'Snyk API token',
125
+ regex: /\b['"]?(?:snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token))['"]?\s*(?::|=>|=)\s*['"]?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]?\b/gi,
126
+ matchAccuracy: 'high',
127
+ },
128
+ {
129
+ name: 'sonarqubeToken',
130
+ description: 'SonarQube/SonarCloud token',
131
+ regex: /\b(?:squ_|sqp_|sqa_)[a-z0-9=_-]{40}\b/gi,
132
+ matchAccuracy: 'high',
133
+ },
134
+ {
135
+ name: 'travisciAccessToken',
136
+ description: 'Travis CI access token',
137
+ regex: /\b['"]?(?:travis)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{22}['"]?\b/gi,
138
+ matchAccuracy: 'medium',
139
+ },
140
+ {
141
+ name: 'codecovAccessToken',
142
+ description: 'Codecov access token',
143
+ regex: /\b['"]?(?:codecov)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{32}['"]?\b/gi,
144
+ matchAccuracy: 'medium',
145
+ },
146
+ {
147
+ name: 'droneCiAccessToken',
148
+ description: 'DroneCI access token',
149
+ regex: /\b['"]?(?:droneci|drone)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{32}['"]?\b/gi,
150
+ matchAccuracy: 'medium',
151
+ },
152
+ {
153
+ name: 'octopusDeployApiKey',
154
+ description: 'Octopus Deploy API key',
155
+ regex: /\bAPI-[A-Z0-9]{26}\b/g,
156
+ matchAccuracy: 'high',
157
+ },
158
+ {
159
+ name: 'circleciToken',
160
+ description: 'CircleCI personal API token',
161
+ regex: /\b['"]?(?:circleci|circle)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{40}['"]?\b/gi,
162
+ matchAccuracy: 'medium',
163
+ },
164
+ {
165
+ name: 'buildkiteAgentToken',
166
+ description: 'Buildkite agent token',
167
+ regex: /\bbkagent_[a-f0-9]{40}\b/g,
168
+ matchAccuracy: 'high',
169
+ },
170
+ {
171
+ name: 'launchdarklyAccessToken',
172
+ description: 'LaunchDarkly access token',
173
+ regex: /\b['"]?(?:launchdarkly)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9=_-]{40}['"]?\b/gi,
174
+ matchAccuracy: 'medium',
175
+ },
176
+ {
177
+ name: 'algoliaApiKey',
178
+ description: 'Algolia API key',
179
+ regex: /\b['"]?(?:algolia)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{32}['"]?\b/gi,
180
+ matchAccuracy: 'medium',
181
+ },
182
+ {
183
+ name: 'clerkSecretKey',
184
+ description: 'Clerk secret key',
185
+ regex: /\bsk_(?:live|test)_[a-zA-Z0-9]{24,}\b/g,
186
+ matchAccuracy: 'high',
187
+ },
188
+ {
189
+ name: 'clerkPublishableKey',
190
+ description: 'Clerk publishable key',
191
+ regex: /\bpk_(?:live|test)_[a-zA-Z0-9]{24,}\b/g,
192
+ matchAccuracy: 'medium',
193
+ },
194
+ {
195
+ name: 'launchdarklySdkKey',
196
+ description: 'LaunchDarkly SDK key',
197
+ regex: /\bsdk-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}\b/g,
198
+ matchAccuracy: 'high',
199
+ },
200
+ {
201
+ name: 'vercelOidcToken',
202
+ description: 'Vercel OIDC token',
203
+ regex: /\b['"]?(?:VERCEL_OIDC_TOKEN)['"]?\s*(?::|=>|=)\s*['"]?eyJ[a-zA-Z0-9_-]{100,}['"]?\b/g,
204
+ matchAccuracy: 'high',
205
+ },
206
+ {
207
+ name: 'novuApiKey',
208
+ description: 'Novu API key',
209
+ regex: /\b['"]?(?:NOVU|novu)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{32,}['"]?\b/gi,
210
+ matchAccuracy: 'medium',
211
+ },
212
+ {
213
+ name: 'triggerDevApiKey',
214
+ description: 'Trigger.dev API key',
215
+ regex: /\btr_(?:dev|prod)_[a-zA-Z0-9]{20,}\b/g,
216
+ matchAccuracy: 'high',
217
+ },
218
+ {
219
+ name: 'nxCloudAccessToken',
220
+ description: 'Nx Cloud access token',
221
+ regex: /\b['"]?(?:NX_CLOUD_ACCESS_TOKEN|nxCloudAccessToken)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{36,}['"]?\b/g,
222
+ matchAccuracy: 'medium',
223
+ },
224
+ {
225
+ name: 'depotToken',
226
+ description: 'Depot.dev build token',
227
+ regex: /\bdpt_[a-zA-Z0-9]{40,}\b/g,
228
+ matchAccuracy: 'high',
229
+ },
230
+ {
231
+ name: 'grafbaseApiKey',
232
+ description: 'Grafbase API key',
233
+ regex: /\b['"]?(?:GRAFBASE|grafbase)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?eyJ[a-zA-Z0-9_-]{50,}['"]?\b/gi,
234
+ matchAccuracy: 'medium',
235
+ },
236
+ ];
@@ -0,0 +1,3 @@
1
+ import type { SensitiveDataPattern } from './types.js';
2
+ export type { SensitiveDataPattern };
3
+ export declare const allRegexPatterns: SensitiveDataPattern[];
@@ -0,0 +1,31 @@
1
+ import { aiProviderPatterns } from './ai-providers.js';
2
+ import { analyticsModernPatterns } from './analytics.js';
3
+ import { authPatterns, codeConfigPatterns, cryptographicPatterns, privateKeyPatterns, genericSecretPatterns, } from './auth-crypto.js';
4
+ import { awsPatterns } from './aws.js';
5
+ import { cloudProviderPatterns } from './cloudProviders.js';
6
+ import { slackPatterns, socialMediaPatterns, shippingLogisticsPatterns, } from './communications.js';
7
+ import { databasePatterns } from './databases.js';
8
+ import { developerToolsPatterns } from './devTools.js';
9
+ import { mappingMonitoringPatterns } from './monitoring.js';
10
+ import { paymentProviderPatterns, ecommerceContentPatterns, } from './payments-commerce.js';
11
+ import { versionControlPatterns } from './vcs.js';
12
+ export const allRegexPatterns = [
13
+ ...aiProviderPatterns,
14
+ ...analyticsModernPatterns,
15
+ ...authPatterns,
16
+ ...awsPatterns,
17
+ ...cloudProviderPatterns,
18
+ ...codeConfigPatterns,
19
+ ...cryptographicPatterns,
20
+ ...databasePatterns,
21
+ ...developerToolsPatterns,
22
+ ...ecommerceContentPatterns,
23
+ ...genericSecretPatterns,
24
+ ...mappingMonitoringPatterns,
25
+ ...paymentProviderPatterns,
26
+ ...privateKeyPatterns,
27
+ ...shippingLogisticsPatterns,
28
+ ...slackPatterns,
29
+ ...socialMediaPatterns,
30
+ ...versionControlPatterns,
31
+ ];
@@ -0,0 +1,2 @@
1
+ import type { SensitiveDataPattern } from './types.js';
2
+ export declare const mappingMonitoringPatterns: SensitiveDataPattern[];
@@ -0,0 +1,92 @@
1
+ export const mappingMonitoringPatterns = [
2
+ {
3
+ name: 'mapboxSecretToken',
4
+ description: 'Mapbox secret access token',
5
+ regex: /\bsk\.eyJ[a-zA-Z0-9._-]{87}\b/g,
6
+ matchAccuracy: 'high',
7
+ },
8
+ {
9
+ name: 'mapboxPublicToken',
10
+ description: 'Mapbox public access token',
11
+ regex: /\bpk\.eyJ[a-zA-Z0-9._-]{80,}\b/g,
12
+ matchAccuracy: 'high',
13
+ },
14
+ {
15
+ name: 'grafanaCloudApiKey',
16
+ description: 'Grafana Cloud API key',
17
+ regex: /\bglc_[a-zA-Z0-9]{32}\b/g,
18
+ matchAccuracy: 'high',
19
+ },
20
+ {
21
+ name: 'newRelicApiKey',
22
+ description: 'New Relic API key',
23
+ regex: /\bNRAK-[A-Z0-9]{27}\b/g,
24
+ matchAccuracy: 'high',
25
+ },
26
+ {
27
+ name: 'newRelicInsightKey',
28
+ description: 'New Relic Insights query key',
29
+ regex: /\bNRIK-[A-Z0-9]{32}\b/g,
30
+ matchAccuracy: 'high',
31
+ },
32
+ {
33
+ name: 'newRelicBrowserApiToken',
34
+ description: 'New Relic browser API token',
35
+ regex: /\bNRJS-[a-f0-9]{19}\b/g,
36
+ matchAccuracy: 'high',
37
+ },
38
+ {
39
+ name: 'newRelicInsertKey',
40
+ description: 'New Relic ingest insert key',
41
+ regex: /\bNRII-[a-z0-9-]{32}\b/gi,
42
+ matchAccuracy: 'high',
43
+ },
44
+ {
45
+ name: 'grafanaApiKey',
46
+ description: 'Grafana API key',
47
+ regex: /\beyJrIjoi[A-Za-z0-9]{70,400}={0,3}\b/gi,
48
+ matchAccuracy: 'high',
49
+ },
50
+ {
51
+ name: 'grafanaServiceAccountToken',
52
+ description: 'Grafana service account token',
53
+ regex: /\bglsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}\b/g,
54
+ matchAccuracy: 'high',
55
+ },
56
+ {
57
+ name: 'sentryOrgToken',
58
+ description: 'Sentry organization token',
59
+ regex: /\bsntrys_eyJpYXQiO[a-zA-Z0-9+/]{10,200}(?:LCJyZWdpb25fdXJs|InJlZ2lvbl91cmwi|cmVnaW9uX3VybCI6)[a-zA-Z0-9+/]{10,200}={0,2}_[a-zA-Z0-9+/]{43}\b/g,
60
+ matchAccuracy: 'high',
61
+ },
62
+ {
63
+ name: 'sentryUserToken',
64
+ description: 'Sentry user token',
65
+ regex: /\bsntryu_[a-f0-9]{64}\b/g,
66
+ matchAccuracy: 'high',
67
+ },
68
+ {
69
+ name: 'sumoLogicAccessId',
70
+ description: 'SumoLogic access ID',
71
+ regex: /\b['"]?(?:sumo)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?su[a-zA-Z0-9]{12}['"]?\b/gi,
72
+ matchAccuracy: 'high',
73
+ },
74
+ {
75
+ name: 'splunkApiToken',
76
+ description: 'Splunk HEC token',
77
+ regex: /\b['"]?(?:splunk)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}['"]?\b/gi,
78
+ matchAccuracy: 'medium',
79
+ },
80
+ {
81
+ name: 'logdnaApiKey',
82
+ description: 'LogDNA/Mezmo API key',
83
+ regex: /\b['"]?(?:logdna|mezmo)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{32}['"]?\b/gi,
84
+ matchAccuracy: 'medium',
85
+ },
86
+ {
87
+ name: 'logglyToken',
88
+ description: 'Loggly customer token',
89
+ regex: /\b['"]?(?:loggly)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}['"]?\b/gi,
90
+ matchAccuracy: 'medium',
91
+ },
92
+ ];
@@ -0,0 +1,3 @@
1
+ import type { SensitiveDataPattern } from './types.js';
2
+ export declare const paymentProviderPatterns: SensitiveDataPattern[];
3
+ export declare const ecommerceContentPatterns: SensitiveDataPattern[];