npm - oxlint-plugin-react-doctor - Versions diffs - 0.2.13 → 0.2.14-dev.3ceb748 - Mend

oxlint-plugin-react-doctor 0.2.13 → 0.2.14-dev.3ceb748

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +12 -0
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -20758,6 +20758,17 @@ const SECRET_PATTERNS = [
 	/^xox[bporas]-/,
 	/^sk-[a-zA-Z0-9]{32,}$/
 ];
+const PUBLIC_CLIENT_KEY_PATTERNS = [
+	/^appl_/,
+	/^goog_/,
+	/^amzn_/,
+	/^strp_/,
+	/^pk_(?:live|test)_/,
+	/^sb_publishable_/,
+	/^phc_/,
+	/^public-token-(?:live|test)-/,
+	/^pk\.eyJ/
+];
 const SECRET_VARIABLE_PATTERN = /(?:api_?key|secret|token|password|credential|auth)/i;
 const SECRET_TOOLING_FILE_PATTERN = /(?:^|\/)[^/]+\.config\.[cm]?[jt]s$/;
 const SECRET_TOOLING_RC_FILE_PATTERN = /(?:^|\/)(?:\.[a-z-]+rc|[a-z-]+\.rc)\.[cm]?[jt]s$/;
@@ -21070,6 +21081,7 @@ const noSecretsInClientCode = defineRule({
 				if (!isNodeOfType(node.init, "Literal") || typeof node.init.value !== "string") return;
 				const variableName = node.id.name;
 				const literalValue = node.init.value;
+				if (PUBLIC_CLIENT_KEY_PATTERNS.some((pattern) => pattern.test(literalValue))) return;
 				const isServerOnlyScope = isInsideServerOnlyScope(node);
 				const trailingSuffix = getIdentifierTrailingWord(variableName);
 				const isUiConstant = SECRET_FALSE_POSITIVE_SUFFIXES.has(trailingSuffix);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "oxlint-plugin-react-doctor",
-  "version": "0.2.13",
+  "version": "0.2.14-dev.3ceb748",
   "description": "oxlint plugin for React Doctor: diagnose React codebases for security, performance, correctness, accessibility, bundle-size, and architecture issues",
   "keywords": [
     "accessibility",