@tyler.given/skill-secret-management

v0.2.1

Published

Copilot skill for secure secret management — inject model where script code paths never expose values to agent

Readme

skill-secret-management

Copilot skill for secure secret management using an inject model — the agent orchestrates operations but never sees secret values through script code paths. The injected subprocess is agent-chosen and may produce output containing the value — use purpose-built commands.

Architecture

Agent (LLM context)          │  Script (subprocess)
─────────────────────────────┼───────────────────────────────
"store GITLAB_TOKEN"    ──►  │  read -rsp → backend write
"inject KEY -- cmd"     ──►  │  backend read → env KEY=val cmd
"list"                  ──►  │  key names only → stdout
"exists KEY"            ──►  │  exit code 0/1
"delete KEY"            ──►  │  backend delete
                             │
  Agent sees: exit codes,    │  Script sees: secret values
  key names, cmd output      │  (scoped, never printed)

Install

git clone https://github.com/tyler555g/skill-secret-management.git ~/.copilot/skills/secret-management

Operations

| Op | Command | What Happens | Agent Sees |
|----|---------|-------------|------------|
| store | secret-ops.sh store KEY | Interactive read -rsp → backend | Exit code |
| inject | secret-ops.sh inject KEY --confirm -- cmd args | Retrieves secret, injects via subshell+exec | Command output |
| list | secret-ops.sh list | Queries backend for key names | Key names (GCM: unsupported) |
| delete | secret-ops.sh delete KEY --confirm | Removes from backend | Exit code |
| exists | secret-ops.sh exists KEY | Checks backend | Exit 0=yes, 1=no |

Backends

| Backend | Tool | OS | Auto-detect Priority |
|---------|------|----|---------------------|
| HashiCorp Vault | vault | Any | 1st (if VAULT_ADDR set + authenticated) |
| macOS Keychain | security | macOS | 2nd |
| Linux keyring | keyctl | Linux | 3rd |
| Git Credential Manager | git credential-manager | Any | 4th (cross-platform fallback) |

Backend is pinned on first use to ~/.config/secret-ops/backend. No silent downgrade.

Security Model

  • No reveal — there is no get/read command. Only inject (scoped subprocess via subshell+exec).
  • Namespaced storage — all backends use secret-ops: prefix / secret/secret-ops/ path to isolate from unrelated credentials.
  • Deterministic GCM — forces credential.helper=manager and credential.useHttpPath=true on every call.
  • Approval gates — inject and delete require --confirm flag. Agent must ask user before passing it.
  • Fail-closed — if the pinned backend fails, the operation fails. No fallback chain.
  • No argv leaks — secrets injected via shell export in a subshell, not env command argv.
  • Locked backend pinning — first-use detection uses flock/mutex to prevent race conditions.
  • Key validation — key names restricted to [A-Za-z0-9_.-]+ (max 256 chars). Inject further restricted to env-var-safe.
  • Hardened permissions — config directory set to 0700.
  • Audit log — every operation logged to ~/.config/secret-ops/audit.log (ops only, never values).
  • AI-Human Principle 3 — agent never asks for, sees, or handles secret values through script code paths.
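
The inject path from the Security Model (key validation, the --confirm gate, fail-closed lookup, and export in a subshell followed by exec), as an added example in POSIX sh; it is not the project's secret-ops.sh. The names backend_read, valid_env_key and inject, the DEMO_TOKEN value, the exit codes and the exact env-var-safe pattern are assumptions.

```shell
#!/bin/sh
# Added illustration of the inject flow; NOT the project's secret-ops.sh.
# Function names, exit codes and the demo value are assumptions.

# Constructed stand-in for a pinned backend (Vault, Keychain, keyctl, GCM).
backend_read() {
  case "$1" in
    DEMO_TOKEN) printf '%s' 'constructed-demo-value' ;;
    *) return 1 ;;
  esac
}

# Assumed reading of "env-var-safe": ASCII letters, digits, underscore,
# no leading digit, at most 256 characters.
valid_env_key() {
  [ -n "$1" ] && [ "${#1}" -le 256 ] || return 1
  # C locale so the bracket ranges cover ASCII only.
  ( LC_ALL=C
    case "$1" in [0-9]*|*[!A-Za-z0-9_]*) exit 1 ;; esac )
}

# Usage: inject KEY --confirm -- cmd [args...]
inject() {
  valid_env_key "${1:-}" || { echo "invalid key name" >&2; return 2; }
  # Approval gate: refuse unless the caller passed --confirm explicitly.
  [ "${2:-}" = "--confirm" ] || { echo "approval required" >&2; return 3; }
  [ "${3:-}" = "--" ] && [ "$#" -ge 4 ] || { echo "usage: inject KEY --confirm -- cmd" >&2; return 2; }
  (
    key=$1; shift 3
    # Fail closed: a failed lookup aborts, with no fallback backend.
    value=$(backend_read "$key") || exit 4
    # export is a shell builtin, so the value never appears in any argv
    # (unlike `env KEY=value cmd`, where it is briefly visible in env's argv).
    export "$key=$value"
    unset value
    # exec replaces the subshell; the parent shell never holds the secret.
    exec "$@"
  )
}
```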

Token Efficiency

SKILL.md is protocol-only (~625 tokens). All logic lives in scripts that are executed but never loaded into context. ~90% reduction vs v0.1.0.

Authoritative Sources

License

MIT