npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

detect-secrets-js

v2.2.1

Published

A JavaScript implementation of Yelp's detect-secrets tool - no Python required

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

kumail_razakumail_raza

Keywords

securitysecretsscannerdetect-secretsapi-keyscredentialssecurity-scannersecret-detectionwebassemblywasmyelp

Readme

detect-secrets-js

A JavaScript implementation of Yelp's detect-secrets tool, with no Python dependency required.

This package provides the same functionality as Yelp's detect-secrets but implemented in JavaScript using WebAssembly technology, eliminating the need for Python installation.

Features

  • No Python Required: Uses WebAssembly to run the scanning code directly in Node.js
  • Easy Installation: Simple npm installation with no external dependencies
  • Fast Scanning: Efficiently scans files and directories for secrets
  • Customizable: Configure exclusions, scan specific directories, and more
  • False Positive Detection: Identifies likely false positives to reduce noise
  • Missed Secret Detection: Optional detection of patterns that might be missed by the main scanner
  • Compatible API: Similar interface to Yelp's detect-secrets for easy migration
  • Memory Efficient: Automatically skips binary files and handles large codebases

Installation

npm install -g detect-secrets-js

Usage

Command Line

# Scan the current directory
detect-secrets-js

# Scan a specific directory
detect-secrets-js --directory ./src

# Exclude specific files or directories
detect-secrets-js --exclude-files "*.test.js,*.spec.js" --exclude-dirs "node_modules,dist"

# Check for potentially missed secrets
detect-secrets-js --check-missed

# Save results to a file
detect-secrets-js --output results.json

# Enable file size limits to prevent memory issues with very large files
detect-secrets-js --limit-file-size

# Set a custom maximum file size (in KB) when limits are enabled
detect-secrets-js --limit-file-size --max-file-size 2048

API

const detectSecrets = require('detect-secrets-js');

async function scanMyProject() {
  // Initialize the WebAssembly module (required before scanning)
  await detectSecrets.initialize();
  
  // Scan a directory
  const results = await detectSecrets.scanDirectory('./src', {
    excludeFiles: ['*.test.js', '*.spec.js'],
    excludeDirs: ['node_modules', 'dist'],
    checkMissed: true,
    limitFileSize: false,  // Set to true to enable file size limits
    maxFileSize: 2 * 1024 * 1024  // Custom max file size in bytes (2MB) when limits are enabled
  });
  
  console.log(`Found ${results.secrets.length} secrets`);
  
  // Scan a specific file
  const fileResults = await detectSecrets.scanFile('./config.js');
  
  // Scan a string
  const contentResults = await detectSecrets.scanContent(
    'const apiKey = "1234567890abcdef";', 
    'example.js'
  );
}

scanMyProject().catch(console.error);

Options

| Option | CLI Flag | Description | |--------|----------|-------------| | directory | -d, --directory <path> | Directory to scan (default: current directory) | | root | -r, --root | Scan from project root | | excludeFiles | -e, --exclude-files <patterns> | File patterns to exclude (comma-separated) | | excludeDirs | -x, --exclude-dirs <patterns> | Directory patterns to exclude (comma-separated) | | checkMissed | -m, --check-missed | Check for potentially missed secrets | | verbose | -v, --verbose | Include additional information | | output | -o, --output <file> | Output file path | | limitFileSize | -l, --limit-file-size | Enable file size limits to prevent memory issues | | maxFileSize | --max-file-size <size> | Maximum file size to scan in KB (default: no limit) |

How It Works

This package implements the same secret detection patterns as Yelp's detect-secrets but uses WebAssembly technology to eliminate the Python dependency. The scanning is performed using a combination of regex patterns to detect common secret formats.

The first time you run the tool, it will download and initialize the WebAssembly environment. This may take a few seconds, but subsequent runs will be faster.

Memory Management

By default, the tool will scan all files regardless of size, but you can enable memory protection features:

  1. Binary File Detection: Automatically skips binary files like images, executables, and compressed files
  2. Optional Size Limits: Use --limit-file-size to enable file size limits
  3. Custom Size Limits: Set your own maximum file size with --max-file-size
  4. Automatic Truncation: Very large text files can be truncated to prevent memory issues

Types of Secrets Detected

The tool can detect a wide range of secrets, including:

  • API Keys (Google, Stripe, etc.)
  • AWS Access Keys and Secret Keys
  • Private Keys (RSA, DSA, etc.)
  • Database Connection Strings
  • JWT Tokens
  • GitHub Tokens
  • OAuth Tokens
  • Generic Passwords and Secrets

Testing

You can run basic tests with:

cd wasm-version
npm run build
node test/test.js

Comparison with Yelp's detect-secrets

This package is inspired by and compatible with Yelp's detect-secrets but offers several advantages:

  1. No Python Dependency: Works without requiring Python installation
  2. Easier Installation: Simple npm installation process
  3. JavaScript Native: Fully integrated with Node.js ecosystem
  4. Similar Detection Patterns: Implements the same secret detection patterns
  5. Memory Efficient: Better handling of large repositories and binary files

Version History

v2.1.1

  • Removed example files containing secrets to avoid GitHub secret scanning
  • Updated test files to use safe example values
  • Fixed repository URLs

v2.1.0

  • Removed default file size limits to scan all files by default
  • Added comprehensive secret type documentation
  • Fixed minor bugs and improved error handling

v2.0.0

  • Complete rewrite using WebAssembly technology
  • Removed Python dependency requirement
  • Enhanced pattern matching for better secret detection
  • Improved performance and cross-platform compatibility
  • Added memory-efficient handling of large repositories

License

MIT