npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mehekfatima/securepush

v1.0.2

Published

CLI tool that prevents accidental pushing of sensitive files like .env and secrets by checking .gitignore and adding a pre-push hook.

Downloads

3

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mehekfatimamehekfatima

Keywords

gitsecurityclipre-pushnodejsautomationgit-hooksdotenvsafe-commitdevopssecurepushhookgithubgit-protection

Readme

SecurePush

A CLI tool that prevents accidental pushing of sensitive files like .env and secrets to your Git repository.

Description

SecurePush is a Node.js-based command-line tool designed to enhance the security of your Git repositories by automatically detecting and preventing the accidental commit or push of sensitive files such as environment variables (.env files) and potential secrets. It integrates seamlessly with Git hooks to provide an additional layer of protection against data leaks.

Features

  • Environment File Detection: Automatically checks for .env files and ensures they are properly ignored in .gitignore.
  • Secret Scanning: Scans .env files for common secret patterns (API keys, tokens, etc.) using regex-based detection.
  • Git Hook Integration: Installs a pre-push hook that blocks commits containing sensitive files.
  • Interactive Prompts: User-friendly prompts to guide you through setup and confirm actions.
  • Colorful Output: Uses chalk for clear, color-coded console messages.

Installation

Global Installation (Recommended)

To install SecurePush globally and use it across all your projects:

npm install -g @mehekfatima/securepush

Local Installation

If you prefer to install it locally in your project:

npm install @mehekfatima/securepush

Then run it using npx:

npx @mehekfatima/securepush

Usage

After installation, simply run the command in your project directory:

securepush

The tool will:

  1. Check for .env files and ensure they are in .gitignore.
  2. Scan the .env file for potential secrets.
  3. Prompt to install a pre-push Git hook for ongoing protection.

Example Output

🔒 SecurePush v1.0.2 — Secret Scanner Edition

⚠️  Detected a .env file in your project.
✅ .env is already ignored.
✅ No obvious secrets found in .env file.
? Install pre-push hook for protection? (Y/n) Y
✅ Pre-push hook installed successfully!

✨ Setup complete! Your repo is now secret-safe.

How It Works

SecurePush performs the following checks and actions:

  1. Environment File Check: Verifies the presence of .env files and ensures they are listed in .gitignore. If not, it offers to create or update the .gitignore file.

  2. Secret Detection: Uses predefined regex patterns to scan .env files for common secret formats, including:

    • API keys
    • Secret keys
    • Access tokens
    • AWS credentials
    • GitHub personal tokens
    • Stripe/OpenAI keys
    • JWT tokens

  3. Pre-Push Hook: Installs a Git pre-push hook that runs before each push operation. The hook checks if any .env files are being tracked or staged for commit, and aborts the push if detected.

Requirements

  • Node.js (v14 or higher)
  • Git repository

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.