Lines 161-211javascript
161 filePath: 'src/auth.ts',
164 expect(result).not.toContain('\u202E');
165 expect(result).not.toContain('\u2066');
166 expect(result).not.toContain('\u2069');
167 expect(onWarn).toHaveBeenCalled();
170// ---------------------------------------------------------------------------
172// ---------------------------------------------------------------------------
173describe('maskSecrets', () => {
174 it('masks OpenAI API keys', () => {
175 expect(maskSecrets('key is sk-abc123def456ghi789jkl012mno')).toContain('[REDACTED]');
177 it('masks GitHub tokens', () => {
178 expect(maskSecrets('token ghp_abc123def456ghi789jkl012mno345')).toContain('[REDACTED]');
180 it('masks AWS access keys', () => {
181 expect(maskSecrets('AKIAIOSFODNN7EXAMPLE')).toContain('[REDACTED]');
CriticalCritical Secret
Package contains a critical-looking secret pattern.
dist/sanitize.test.jsView on unpkg · L181 183 it('masks npm tokens', () => {
184 expect(maskSecrets('npm_abcdefghijklmnopqrstu')).toContain('[REDACTED]');
186 it('masks Google API keys', () => {
187 expect(maskSecrets('AIzaSyD1234567890abcdefghijklmnopqrstuv')).toContain('[REDACTED]');
189 it('masks quoted secret assignments preserving key name', () => {
190 expect(maskSecrets('api_key = "sk_live_abc123def456ghi789"')).toBe('api_key = "[REDACTED]"');
191 expect(maskSecrets("password: 'supersecrettoken12345678'")).toBe("password: '[REDACTED]'");
193 it('masks unquoted secret assignments', () => {
194 expect(maskSecrets('api_key=sk_live_abc123def456ghi789')).toContain('[REDACTED]');
195 expect(maskSecrets('SECRET=myverylongsecrettokenvalue1234')).toContain('[REDACTED]');
197 it('preserves normal text', () => {
198 const text = 'This is a normal code comment about authentication.';
199 expect(maskSecrets(text)).toBe(text);
201 it('preserves short strings that look like keys', () => {
202 // Too short to be a real key
203 expect(maskSecrets('sk-short')).toBe('sk-short');
205 it('fully redacts sk-proj- tokens without partial leakage', () => {
206 const token = 'sk-proj-abcdef1234567890abcdef1234567890';
207 const result = maskSecrets(`key is ${token}`);
208 expect(result).toBe('key is [REDACTED]');
209 expect(result).not.toContain('sk-proj-');
211 it('still redacts plain sk- tokens', () => {