sherscan
v0.1.1
Published
AI-aware security scanner — finds exposed secrets and checks if your AI agent can read sensitive files
Maintainers
Readme
🔍 sherscan
AI-aware security scanner, finds exposed secrets in your codebase and checks whether your AI coding agent (Cursor, Copilot, Windsurf, Claude Code, etc.) can actually read your sensitive files.
Most secret scanners stop at "you have a .env file." sherscan goes one step further: it checks whether that file is actually blocked from AI agents via .cursorignore, .aiexclude, .clineignore, Claude Code's deny rules.
Why
AI coding assistants can read almost any file in your project by default. If your .env, private keys, or credentials aren't explicitly excluded, your AI agent (and anything it shares context with) can see them. sherscan audits this blind spot in seconds.
Features
- 🔎 Sensitive file detection, flags
.envfiles, private keys (.pem,.key,id_rsa), cloud credentials (.aws/credentials,.npmrc), keystores, and more. - 🔑 Secret scanning, greps file contents for real leaked credentials: AWS keys, GitHub tokens, Stripe keys, Supabase keys, Anthropic keys, SendGrid keys, private key blocks, JWTs, and generic hardcoded secrets.
- 🤖 AI exposure check, cross-references every sensitive file against the ignore files of 9+ AI tools (Cursor, Windsurf, Cline, Gemini, Codeium, Copilot, Claude Code, and generic
.aiignore) to see if it's actually protected. - 🛡️ Masked previews, secrets are shown masked (e.g.
AKIA********MNOP) so reports are safe to share/paste. - 📊 Readable or machine output, pretty colored terminal report by default, or
--jsonfor scripting. - 🚦 CI-friendly,
--ciflag exits with code1when exposed secrets are found, so you can fail a pipeline on real risk.
Installation
Run it directly without installing anything (recommended):
npx sherscanOr install globally:
npm install -g sherscanOr add it as a dev dependency to run via npm scripts:
npm install --save-dev sherscanUsage
Scan the current directory:
npx sherscanScan a specific project path:
npx sherscan ./path/to/projectOutput JSON (for scripting or piping into other tools):
npx sherscan --jsonFail CI when a sensitive file with no AI-ignore coverage is found:
npx sherscan --ciOptions
| Flag | Description |
| --------------- | ------------------------------------------------------------- |
| [path] | Project directory to scan (defaults to .) |
| --json | Output results as JSON instead of a colored report |
| --ci | Exit with code 1 if any fully-exposed findings are detected |
| -V, --version | Print the version number |
| -h, --help | Print usage help |
Example output
────────────────────────────────────────────────────
🔍 sherscan · AI-aware security scanner
────────────────────────────────────────────────────
────────────────────────────────── SUMMARY ──────────────────────────────────
Sensitive files found 1
Secrets in content 1
Files exposed to AI agents 1
HIGH 1 file(s)
────────────────────────────── SECRETS DETECTED ─────────────────────────────
HIGH .env
Line 1 · AWS Access Key
Preview: SECRET_KEY=AKIA********MNOP
──────────────────────────────── AI EXPOSURE ────────────────────────────────
HIGH .env
Status fully exposed has secret
──────────────────────────────── RECOMMENDATIONS ────────────────────────────
✖ No AI ignore files found in this project
→ Create a .aiignore or .cursorignore and add:
.env
⚠ Rotate these credentials immediately:
.env
────────────────────────────────────────────────────
✖ Issues found — review recommendations above
────────────────────────────────────────────────────What it checks
Sensitive files
sherscan flags files matching common sensitive-file patterns, including:
.env,.env.*(any environment file)*.pem,*.key,id_rsa*,id_ed25519*(private keys)*.p12,*.pfx,*.keystore(certificates/keystores)credentials.json,secrets.*.npmrc.aws/credentials,.aws/config- Supabase's
supabase/.temp/**directory
Secret patterns
File contents (for common source/config file types under 500 KB, skipping binaries) are scanned for:
- AWS Access Keys
- GitHub Tokens
- Stripe Live/Test Keys
- Supabase Keys
- Anthropic API Keys
- SendGrid Keys
- Private key blocks (
-----BEGIN ... PRIVATE KEY-----) - Generic JWTs
- Hardcoded
SECRET/API_KEY/PRIVATE_KEY/AUTH_TOKENassignments
Matches inside comments are skipped, and all detected secrets are masked in the report.
AI exposure
For every sensitive file found, sherscan checks whether it's covered by any of these AI-tool ignore mechanisms:
| Tool | Ignore file |
| ----------- | -------------------------------------------------- |
| Cursor | .cursorignore, .cursorindexingignore |
| Windsurf | .windsurfignore |
| Cline | .clineignore |
| Gemini | .aiexclude, .geminiignore |
| Codeium | .codeiumignore |
| Copilot | .copilotignore |
| Claude Code | .claude/settings.json (permissions.deny rules) |
| Generic | .aiignore |
A file is marked fully exposed if none of the detected AI tools' ignore rules cover it — meaning an AI agent working in that project could read it.
Using in CI
Add sherscan to your pipeline to catch exposed secrets before they ship:
# .github/workflows/security.yml
name: Security check
on: [push, pull_request]
jobs:
sherscan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npx sherscan --ciThe command exits with code 1 if any sensitive file is fully exposed to an AI agent, failing the build.
Requirements
- Node.js >= 18
License
MIT
