shhgit
pub
shhgit | pub | |
---|---|---|
7 | 21 | |
3,788 | 1,030 | |
- | 0.7% | |
0.0 | 9.2 | |
8 months ago | 3 days ago | |
JavaScript | Dart | |
MIT License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
shhgit
- Tencent WeChat is now a GitHub secret scanning partner
- Why do people use plain text for usernames and passwords on Github? A cautionary tale.
-
Searching across github
Shhgit is a really neat tool for this
- Around 50,000 GitHub credentials leaked as metadata inside commits
-
TruffleHog v3 – Detect and automatically verify over 600 credential types
There are a lot of secret detection tools out there. It probably is going to depend a lot on the specific features you care about. I personally really like shhgit[0] which is MIT licensed and is the tool I've found to most match my workflows.
[0]: https://github.com/eth0izzle/shhgit
-
My MetaMask Private Keys Stolen from GitHub Private Repo in 1 Hour
Assuming that the person you were working with didn't drain your wallet, there are many tools which can be used to actively monitor for commits being done on GitHub with secrets of sort.
The first one that comes to my mind is shhgit (https://github.com/eth0izzle/shhgit)
Anyone can self host it and then add multiple GitHub Dev keys to it. Then this can be used to monitor GitHub commits being done, majority of which can be categorized as "secrets".
- Ask HN: What are the best automated tools for keeping credentials out of GitHub?
pub
-
Writing a Package Manager
Agreed. Version resolution is the interesting problem.
Most package managers use a SAT solver to resolve dependencies. The Dart team has a detailed write up on their SAT-based approach which is worth a read [1]. For contrast, Russ Cox presents an algorithm that doesn't use a SAT solver (intended for Go) [2].
[1] https://github.com/dart-lang/pub/blob/master/doc/solver.md
[2] https://research.swtch.com/vgo-mvs
- Modern SAT solvers: fast, neat and underused (2018)
-
Private pub.dev - is it possible?
Official documentation.
-
Self hosting package repository
As I understand Custom package repositories it's possible to host one's own package repository. The Repository Specification is public, but dart.dev only references cloud based paid services like Cloudsmith and OnePub.
- PubGrub: A next-generation version solving algorithm
-
I am building a pub server. When does the client send the name and version of the package and how can I access it?
As u/Which-Adeptness6908 already pointed out, the repository specification is small, and that's all you need to implement a server: https://github.com/dart-lang/pub/blob/master/doc/repository-spec-v2.md
- So you want to write a package manager
-
Tencent WeChat is now a GitHub secret scanning partner
https://docs.github.com/en/code-security/secret-scanning/sec...
A bit sad, they don't publish the list of regexes, etc.
--------------
I added a similar thing to the package manager for Dart / Flutter, because we saw users accidentally publishing secrets. That code is public, it relies on regexes and entropy estimation:
https://github.com/dart-lang/pub/blob/eb8ee21a089ebe0f2c2dd8...
It was heavily inspired by the researchers in:
-
Another choice of Flutter Version Manager: fvm in shell
Heres are some issues I've faced when trying with the dart-version cli: - The installation - dart pub global activate needs to have flutter/dart global installed already. - Global activated fvm cli got invalid after flutter upgrade, see issue - The cli does not work with customized fork of flutter. - You should run fvm flutter , not flutter , this changes CI/CD workflow
-
Dart on CLI: Foundations
This will add the args dependency in your pubspec file. We used the Darts package manager pub to add this dependency.
What are some alternatives?
git-secrets - Prevents you from committing secrets and credentials into git repositories
unpub - Self-hosted private Dart Pub server for Enterprise
trufflehog - Find and verify secrets
pub-dev - The pub.dev website
gitleaks - Protect and discover secrets using Gitleaks 🔑
fvm - Flutter Version Management: A simple CLI to manage Flutter SDK versions.
opencti - Open Cyber Threat Intelligence Platform
fvm - Flutter Version Manager - POSIX-compliant bash script to manage multiple active flutter versions
detect-secrets - A developer-friendly secrets detection tool for CI and pre-commit hooks based on Yelp's detect-secrets
courier - Private dart package manager
automerge-action - GitHub action to automatically merge pull requests that are ready
roo - A package and environment manager for R