looksfake
v1.0.1
Published
Tiny CLI to create synthetic API keys
Readme
looksfake 
Zero-dependency CLI that creates a synthetic API key in the same shape as a real one.
Example:
npx looksfake 418937625:AAHk-9BwNp4TzXc7Jm_VrQ2FyDs8LgUeM1POutput:
123456789:ABCd-0EfGh1IjKl2Mn_OpQ3RsTu4VwXyZ5A
Why not?
You should not trust npm packages, you should never paste a real API key in a tool you haven't read end to end. There are several layers where it could become malicious:
An
npmpackage can have different content from GitHub repository. This repository does use GitHub Actions to guarantee the same, but it guards the author more than the users. Nothing stops the attacker from replacing thenpmpackage later.Even if the content is the same as on GitHub, a package can hide malicious content inside a dependency. Although, this package is zero-dependency.
If you read the source code on GitHub, the malicious code could be hidden after whitespace, because sometimes it's hard to spot the horizontal scrollbar.
The API key is going to land in your shell history.
If that didn't stop you, consider changing a few letters before running the script. Replacing three characters in a 38 characters long key would already require an attacker to test ~150 million combinations.
License
Apache-2.0
