envchain
secretlint
envchain | secretlint | |
---|---|---|
3 | 7 | |
1,139 | 698 | |
- | 0.9% | |
0.0 | 9.4 | |
almost 2 years ago | 16 days ago | |
C | TypeScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
envchain
-
How do you protect your secret keys in your local computer?
I use https://github.com/sorah/envchain. It stores your secrets in Keychain (macOS) or gnome-keyring.
-
Secretlint 6: masking API tokens in .bash_history and .zsh_history
Credentials are often stored as raw text in .config/ or ~/.aws. These can be found in 1Password Shell Plugins, op run, zenv, envchain, etc. to avoid storing raw tokens in files.
-
How to Handle Secrets on the Command Line
You have envchain to store secrets as ENV variables in your keyring and execute commands:
https://github.com/sorah/envchain
Not really something you would use for production web apps, I think envconsul covers that usecase:
https://github.com/hashicorp/envconsul
secretlint
-
GitHub Sponsors: azu the Japanese TypeScript and JavaScript developer
Azu created 500+ npm packages, wrote and maintains a number of popular command line tools for JavaScript. textlint has 2,751 stars, Secretlint has 698 stars. honkit for building books has 2,896 stars.
-
Secretlint 6: masking API tokens in .bash_history and .zsh_history
In most cases, you can't automatically fix any confidential information you find, but I've noticed that it's OK to automatically remove or mask any confidential information that has been left in .bash_history or .zsh_history. To automatically modify API tokens left in history files, Secretlint v6 adds a --format=mask-result formatter .
-
My GitHub Sponsors Revenue @ 2022
Software development: textlint, Secretlint, HonKit and other development and maintenance.
-
Looking Back on Two Years of GitHub Sponsors
Continuously committed repositories include JSer.info, textlint, and JavaScript Primer, etc. On the other hand, the newly created ones after the launch of GitHub Sponsors include philan.net, HonKit, Secretlint, etc.
-
🛡🔑 Secretlint 4.0.0: Support ESM rule and secretlint-disable directive
secretlint is pluggable linting tool to prevent committing credential like SSH private key, GCP Access token, AWS Access Token, Slack Token, and npm auth token.
-
secrellint can mask the secrets
secretlint is a pluggable linting tool to prevent committing credential.
-
secretlint v3.0 support GitHub token detection!
You can setup pre-commit Hook per project or pre-commit Hook globally. This git's pre-commit prevent you to commit your credentials like GitHub Token, SSH key, AWS crendentials.
What are some alternatives?
Mosh - Mobile Shell
git-secrets - Prevents you from committing secrets and credentials into git repositories
gosec - Go security checker
oslint - Open-Source Good Practices Analysis
platform-compat - Roslyn analyzer that finds usages of APIs that will throw PlatformNotSupportedException on certain platforms.
Open-Source-Security-Coalition
envconsul - Launch a subprocess with environment variables using data from @HashiCorp Consul and Vault.
honkit - :book: HonKit is building beautiful books using Markdown - Fork of GitBook
dotfiles - Home directory with an absurd amount of tweaks
sponsorkit - 💖 Toolkit for generating sponsors images 😄
ShellCheck - ShellCheck, a static analysis tool for shell scripts
textlint - The pluggable natural language linter for text and markdown.