@preship/secrets 1.0.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/index.js +8 -1
  2. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -607,6 +607,9 @@ function walkDirectory(rootPath, relativePath, files, allowPaths, scanPaths) {
607
607
  if (entry.name.endsWith(".min.js") || entry.name.endsWith(".min.css")) {
608
608
  continue;
609
609
  }
610
+ if (entry.name === ".env" || entry.name.startsWith(".env.")) {
611
+ continue;
612
+ }
610
613
  try {
611
614
  const stats = fs.statSync(path.join(rootPath, entryRelative));
612
615
  if (stats.size > MAX_FILE_SIZE) {
@@ -667,6 +670,10 @@ async function scanSecrets(projectPath, config = {}) {
667
670
  let filesScanned = 0;
668
671
  for (const relativePath of files) {
669
672
  const absolutePath = path2.join(projectPath, relativePath);
673
+ const basename2 = path2.basename(relativePath);
674
+ if (isEnvTemplateFile(basename2)) {
675
+ continue;
676
+ }
670
677
  let content;
671
678
  try {
672
679
  content = fs2.readFileSync(absolutePath, "utf-8");
@@ -787,7 +794,7 @@ function isEnvironmentFile(relativePath) {
787
794
  }
788
795
  function isEnvTemplateFile(basename2) {
789
796
  const lower = basename2.toLowerCase();
790
- return lower === ".env.example" || lower === ".env.sample" || lower === ".env.template" || lower === ".env.defaults" || lower === ".env.dist" || lower.endsWith(".example") || lower.endsWith(".sample") || lower.endsWith(".template");
797
+ return lower === ".env.example" || lower === ".env.sample" || lower === ".env.template" || lower === ".env.defaults" || lower === ".env.dist" || lower === "env.example" || lower === "env.sample" || lower === "env.template" || lower.endsWith(".example") || lower.endsWith(".sample") || lower.endsWith(".template");
791
798
  }
792
799
  function isEntropyNoisyFile(relativePath) {
793
800
  const ext = path2.extname(relativePath).toLowerCase();
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@preship/secrets",
3
- "version": "1.0.2",
3
+ "version": "1.0.4",
4
4
  "description": "Secrets detection for PreShip — find leaked API keys, tokens, and credentials before shipping",
5
5
  "author": "Cyfox Inc.",
6
6
  "license": "Apache-2.0",