Question 1

How to ignore false positives in eslint-plugin-no-secrets?

Accepted Answer

You can use options like ignoreContent, ignoreIdentifiers, or add eslint-disable-next-line comments, as detailed in the README's section on handling non-secrets. For example, ignoreIdentifiers can skip variables like BASE64_CHARS.

Question 2

eslint-plugin-no-secrets vs truffleHog for secret detection?

Accepted Answer

This plugin integrates directly into ESLint for development-time scanning with AST awareness, while truffleHog is a standalone tool for git history scanning. Choose this for pre-commit checks within code, but use truffleHog for historical analysis.

Question 3

How to configure eslint-plugin-no-secrets for JSON files?

Accepted Answer

Install eslint-plugin-jsonc and extend its config in your ESLint setup, as shown in the README's flat config and eslintrc examples. This allows the plugin to scan JSON files alongside JavaScript.

Question 4

Does eslint-plugin-no-secrets work with TypeScript?

Accepted Answer

Yes, it should work with TypeScript files if ESLint is configured to handle them, as it relies on ESLint's AST parsing. Ensure your ESLint setup includes TypeScript support via plugins like @typescript-eslint.

Question 5

What's a good entropy tolerance setting for this plugin?

Accepted Answer

The default is 4, but you can adjust it based on your codebase. Lower tolerance increases sensitivity but may raise false positives; the README suggests tuning it, like setting tolerance to 3.2 for stricter checks.

Question 6

How to add custom regex patterns to detect specific secrets?

Accepted Answer

Use the additionalRegexes option in the rule configuration to define custom patterns, such as for Basic Auth tokens. The README provides examples and links to standard patterns for reference.

no-secrets

What is no-secrets?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions