proteccapi

v2.0.0

Published

CLI tool to scan for common API keys and optionally manage .env files

Readme

Secure Scan CLI Tool

Secure Scan is a CLI tool to detect and manage sensitive API keys in your codebase. It supports detecting common API keys and managing them securely by suggesting environment variable usage. It also integrates with Git pre-commit hooks to prevent committing sensitive keys.


Features

  • Detects common API keys such as AWS, GitHub, OpenAI, Google Cloud, Stripe, and more.
  • Provides a CLI interface for scanning and handling API keys.
  • Automatically generates or updates a .env file with detected API keys.
  • Suggests replacing sensitive keys in your code with environment variables.
  • Blocks commits with exposed API keys using Git hooks.

Installation

Install Globally via NPM

npm install -g proteccapi

Once installed, the secure-scan command will be globally available.

Install Locally

Alternatively, install it as a local dependency in your project:

npm install proteccapi

Usage

Basic commands

Scan Staged Files

To scan only staged files:

secure-scan

Scan All Files

To scan all files in the project:

secure-scan --all

Generate/Update .env File

To automatically add detected keys to a .env file:

secure-scan --env

Custom .env Path

Specify a custom path for the .env file:

secure-scan --env --env-path ./config/.env

Debug Mode

Enable debug logs to troubleshoot issues:

secure-scan --debug

Integration with Git Hooks

Secure Scan can be integrated into your Git workflow to block commits containing sensitive keys.

Set Up Pre-Commit Hook

Install Husky:

npm install husky --save-dev
npx husky install

Add a Pre-Commit Hook:

npx husky add .husky/pre-commit "secure-scan"

Now, Secure Scan will run before every commit to block commits with exposed API keys.

Supported API Keys

Secure Scan detects the following API keys:

  • AWS Access Key
    • Regex: AKIA[0-9A-Z]{16}
  • AWS Secret Key
    • Regex: [A-Za-z0-9/+=]{40}
  • GitHub Token
    • Regex: gh[oprs][A-Za-z0-9]{36}
  • OpenAI API Key
    • Regex: sk-(live|test)-[A-Za-z0-9]{32}
  • Google Cloud API Key
    • Regex: AIza[0-9A-Za-z-_]{35}
  • Stripe API Key
    • Regex: (?:sk_live|pk_live)_[A-Za-z0-9]{24}
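
The patterns listed above, run over a few constructed lines to show what they flag and what they miss. This is an added example, not code from the proteccapi project; the scan function, the STRICT variant and the hex filter are hypothetical names and heuristics introduced here.

```javascript
// Patterns as printed in the "Supported API Keys" list above.
const PATTERNS = {
  "AWS Access Key": /AKIA[0-9A-Z]{16}/g,
  "AWS Secret Key": /[A-Za-z0-9\/+=]{40}/g,
  "GitHub Token": /gh[oprs][A-Za-z0-9]{36}/g,
  "OpenAI API Key": /sk-(live|test)-[A-Za-z0-9]{32}/g,
  "Google Cloud API Key": /AIza[0-9A-Za-z-_]{35}/g,
  "Stripe API Key": /(?:sk_live|pk_live)_[A-Za-z0-9]{24}/g,
};

// Hypothetical tightening of the broadest pattern: require a boundary on
// both sides of the 40 characters, and later drop pure-hex matches.
const B64 = "[A-Za-z0-9\\/+=]";
const STRICT = {
  ...PATTERNS,
  "AWS Secret Key": new RegExp(`(?<!${B64})${B64}{40}(?!${B64})`, "g"),
};
const isHex = (s) => /^[0-9a-fA-F]+$/.test(s);

// Return one finding per match. The value is masked so that the report
// itself does not repeat the secret.
function scan(text, patterns, dropHex = false) {
  const findings = [];
  text.split("\n").forEach((line, i) => {
    for (const [type, re] of Object.entries(patterns)) {
      for (const m of line.matchAll(re)) {
        if (dropHex && type === "AWS Secret Key" && isHex(m[0])) continue;
        findings.push({ type, line: i + 1, masked: m[0].slice(0, 4) + "..." });
      }
    }
  });
  return findings;
}

// Constructed sample input; none of these values are real credentials.
const SAMPLE = [
  `id = "${"AKIA" + "Q".repeat(16)}"`,      // AWS access key shape
  `secret = "${"aB3/".repeat(10)}"`,        // 40 base64-style characters
  `commit = "${"0a1b2c3d4e".repeat(4)}"`,   // 40 hex characters (git SHA-1 shape)
  `sha256 = "${"9f8e7d6c".repeat(8)}"`,     // 64 hex characters
  `token = "${"ghp_" + "x1".repeat(18)}"`,  // underscore after the prefix
].join("\n");

const loose = scan(SAMPLE, PATTERNS);       // patterns as printed
const strict = scan(SAMPLE, STRICT, true);  // boundaries + hex filter
console.log({ loose, strict });
```

On this input the patterns as printed report the commit id and the first 40 characters of the SHA-256 digest as AWS secret keys, and do not match the ghp_-prefixed string because the printed GitHub pattern has no underscore after the prefix. The stricter variant keeps only the access key and the 40-character mixed string.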

Development

Clone the Repository

To contribute to Secure Scan, clone the GitHub repository:

git clone https://github.com/aayanrahman/proteccapi.git
cd proteccapi

Install Dependencies

Install all required dependencies:

npm install

Run Locally

Run the CLI tool locally:

npm run scan

Publish Updates to NPM

Increment the version in package.json:

npm version patch

Publish to npm:

npm publish

Examples

Example 1: Detect API Keys

Create a file test.js with the following content:

const apiKey = "your-api-key";

Stage the file:

git add test.js

Run Secure Scan:

secure-scan

Output:

⚠️  Found potential API keys:
  OpenAI API Key in file test.js:
    your-api-key

❌ Commit blocked! Remove or handle these keys before committing.

License

Secure Scan is open-source software licensed under the MIT License.

Contributing

We welcome contributions to improve Secure Scan! To contribute:

  1. Fork the repository.
  2. Create a new branch for your feature or bug fix.
  3. Submit a pull request.

Support

For questions or issues, open an issue on GitHub.