Lines 72-112javascript
72 // Bearer authorization headers
73 { name: "BEARER_AUTH", regex: /[Bb]earer\s+[A-Za-z0-9_-]{20,}/g, marker: MARKERS.TOKEN },
75 { name: "VERCEL_TOKEN", regex: /\bvercel_[A-Za-z0-9_-]{20,}/g, marker: MARKERS.TOKEN },
77 { name: "NETLIFY_TOKEN", regex: /\bnf[pt]_[A-Za-z0-9_-]{20,}/g, marker: MARKERS.TOKEN },
79 { name: "CLOUDFLARE_TOKEN", regex: /\bcf[_-][A-Za-z0-9_-]{30,}/gi, marker: MARKERS.TOKEN },
82// ─── Multi-line Patterns ────────────────────────────────────────────────────
83// These operate on the full file content, not line-by-line.
85/** @type {SecretPattern[]} */
86const MULTILINE_PATTERNS = [
87 // PEM blocks (RSA, EC, DSA, PKCS8 private keys + certificates)
88 { name: "PEM_PRIVATE_KEY", regex: /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |EC |DSA )?PRIVATE KEY-----/g, marker: MARKERS.PEM },
89 { name: "PEM_CERTIFICATE", regex: /-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g, marker: MARKERS.PEM },
90 { name: "PEM_ENCRYPTED_KEY", regex: /-----BEGIN ENCRYPTED PRIVATE KEY-----[\s\S]*?-----END ENCRYPTED PRIVATE KEY-----/g, marker: MARKERS.PEM },
92 { name: "SSH_PRIVATE_KEY", regex: /-----BEGIN OPENSSH PRIVATE KEY-----[\s\S]*?-----END OPENSSH PRIVATE KEY-----/g, marker: MARKERS.PEM },
CriticalCritical Secret
Package contains a critical-looking secret pattern.
src/security/patterns.jsView on unpkg · L92 CriticalSecret Pattern
OpenSSH private key in src/security/patterns.js
src/security/patterns.jsView on unpkg · L92 93 // Google service account JSON ("private_key" field)
94 { name: "GOOGLE_SERVICE_ACCOUNT", regex: /"private_key"\s*:\s*"-----BEGIN[^"]*-----END[^"]*-----\\n"/g, marker: MARKERS.PEM },
95 // Multiline base64 private keys (indented base64 blocks following key headers)
96 { name: "BASE64_PRIVATE_KEY", regex: /(?:private[_-]?key|PRIVATE[_-]?KEY)\s*[:=]\s*['"]?[A-Za-z0-9+/=\s]{64,}['"]?/gi, marker: MARKERS.PEM },
99// ─── Generic Key-Value Catch-All ────────────────────────────────────────────
100// Catches any remaining `SOME_SECRET_NAME=value` patterns in .env-like files.
102/** @type {SecretPattern[]} */
103const ENV_PATTERNS = [
104 // Generic .env key=value where key contains secret-like words
105 { name: "ENV_SECRET_GENERIC", regex: /^([A-Z_]*(?:SECRET|KEY|TOKEN|PASSWORD|CREDENTIAL|AUTH|PRIVATE)[A-Z_]*)\s*=\s*['"]?(.{6,})
108// ─── Sensitive File Patterns ────────────────────────────────────────────────
109// Files that should be skipped or sanitized entirely. See §3.
111const SENSITIVE_FILE_PATTERNS = [