@mazhu/envscout
v1.0.0
Security scanner for .env files and environment variable leaks
@mazhu/envscout 🔍
Features
- scan - Scan a directory recursively for exposed secrets
- check - Check a single file for secrets
- list - List all .env files in a directory
- mask - Auto-mask sensitive values
Detects
- .env file exposure
- AWS Access Keys & Secret Keys
- Stripe API Keys (live & test)
- OpenAI API Keys
- GitHub Tokens (personal access, OAuth)
- Google API Keys & OAuth tokens
- Slack Tokens & Webhooks
- Database connection strings (PostgreSQL, MySQL, MongoDB, Redis, MSSQL)
- JWT Secrets
- Private Keys (RSA, EC, PGP)
- Bearer/Basic Auth tokens
- SendGrid, Mailgun, Twilio, and more
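The pattern-based detection and masking listed above can be sketched as follows. This is an added example, not envscout's own code: the regular expressions, the names `RULES`, `mask` and `scanEnv`, and the mask widths (chosen to reproduce the masked values in the README's sample output) are assumptions, and the sample input is constructed.

```javascript
// Added example: minimal .env secret scan with masked reporting.
// Patterns and mask widths are assumptions, not taken from envscout's source.
const RULES = [
  { name: 'AWS Access Key ID', severity: 'CRITICAL',
    re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/, head: 4, tail: 5 },
  { name: 'Stripe live secret key', severity: 'CRITICAL',
    re: /\bsk_live_[0-9a-zA-Z]{24,}\b/, head: 8, tail: 4 },
  { name: 'GitHub personal access token', severity: 'HIGH',
    re: /\bghp_[0-9A-Za-z]{36}\b/, head: 4, tail: 4 },
];

// Keep only enough of the value to identify which credential leaked.
function mask(value, head, tail) {
  if (value.length <= head + tail) return '***';
  return value.slice(0, head) + '***' + value.slice(-tail);
}

// Parse KEY=VALUE lines. A leading '#' is tolerated on purpose:
// a commented-out credential is still exposed if the file leaks.
function scanEnv(text, file = '.env') {
  const kv = /^\s*#?\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/;
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const m = kv.exec(line);
    if (!m) return;
    // Strip one pair of matching surrounding quotes, if present.
    const value = m[2].trim().replace(/^(['"])(.*)\1$/, '$2');
    for (const rule of RULES) {
      const hit = rule.re.exec(value);
      if (!hit) continue;
      findings.push({ file, line: i + 1, key: m[1], rule: rule.name,
        severity: rule.severity, masked: mask(hit[0], rule.head, rule.tail) });
      break; // first matching rule wins
    }
  });
  return findings;
}

// Constructed sample input; the AWS value is AWS's published documentation example key.
const SAMPLE = [
  '# app config',
  'NODE_ENV=production',
  'AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE',
  '',
  'export STRIPE_SECRET_KEY="sk_live_' + 'x'.repeat(24) + '"',
  'API_URL=https://api.example.com',
].join('\n');

for (const f of scanEnv(SAMPLE, './config/.env')) {
  console.log(`${f.severity} ${f.file}:${f.line} ${f.key} → ${f.masked}`);
}
```

Only the masked form is ever written to the report, so the scan output itself can be pasted into tickets or CI logs without re-leaking the credential.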
Install
npm install -g @mazhu/envscout
Usage
# Scan a directory
envscout scan ./src
# Check a single file
envscout check .env
# List all .env files
envscout list .
envscout list ./project --recursive
# Mask secrets in a file
envscout mask .env -o .env.masked
Output
🔍 Scanning ./src...
📊 Scan Results
Scanned files: 142
⚠️ .env Files Found:
• ./config/.env
🔴 Secrets Found: 5
CRITICAL
./config/.env:3 AWS_ACCESS_KEY_ID → AKIA***AMPLE
./config/.env:5 STRIPE_SECRET_KEY → sk_live_***xxxx
✅ Run `envscout mask .env` to auto-mask sensitive values
License
MIT
