.secretlintrc.json
is configuration file on secretlint.
Also, secretlint support .secretlintrc.{yml,yaml,js}
file.
{
"rules": [
{
"id": "@secretlint/secretlint-rule-preset-recommend"
}
]
}
The id
property is the name of secretlint rule package.
For example, if you want to use @secretlint/secretlint-rule-example
, please set { "id": "@secretlint/secretlint-rule-example" }
in rules
.
Secretlint does not have built-in rule.
You want to add some rule, and You should install the package and add the rule to .secretlintrc
file.
Each rule has common configuration patterns:
options
: Option definition for the rule. For more details, see each rule documentationdisabled
: Ifdisabled
istrue
, disable the ruleallowMessageIds
:allowMessageIds
is an array of message id that you want to suppress error report- message id is defined in each rule and please see the rule documentation
For example, @secretlint/secretlint-rule-example
has allows
in options
.
This allows
option define a list of RegExp-like String that you want to ignore.
{
"rules": [
{
"id": "@secretlint/secretlint-rule-example",
"options": {
"allows": [
"/dummy_secret/i"
]
}
}
]
}
When you use a preset like @secretlint/secretlint-rule-preset-recommend
, you need to put the option in rules
.
For example, an option for @secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-aws
{
"rules": [
{
"id": "@secretlint/secretlint-rule-preset-recommend",
"rules": [
{
"id": "@secretlint/secretlint-rule-aws",
"options": {
"allows": [
// it will be ignored
"xxxx-xxxx-xxxx-xxxx-xxxx"
]
}
}
]
}
]
}
For example, you have got following error report by run secretlint
:
$ secretlint "**/*"
SECRET.txt
1:8 error [EXAMPLE_MESSAGE] found secret: SECRET @secretlint/secretlint-rule-example
✖ 1 problem (1 error, 0 warnings)
This error's message id is EXAMPLE_MESSAGE
in @secretlint/secretlint-rule-example
.
If you want to ignore this error, please use allowMessageIds
.
{
"rules": [
{
"id": "@secretlint/secretlint-rule-example",
"allowMessageIds": ["EXAMPLE_MESSAGE"]
}
]
}
When you use a preset like @secretlint/secretlint-rule-preset-recommend
, you need to put the option in rules
.
For example, If you want to ignore "AWSAccountID" and "AWSAccessKeyID" of "@secretlint/secretlint-rule-aws", you can write following.
{
"rules": [
{
"id": "@secretlint/secretlint-rule-preset-recommend",
"rules": [
{
"id": "@secretlint/secretlint-rule-aws",
"allowMessageIds": ["AWSAccountID", "AWSAccessKeyID"]
}
]
}
]
}
You can tell Secretlint to ignore specific files and directories by creating an .secretlintignore
file in your project's root directory.
The .secretlintignore
file is a plain text file where each line is a glob pattern indicating which paths should be omitted from linting. For example, the following will omit all JavaScript files:
**/*.js
.secretlintignore
define syntax
- Lines beginning with
#
are treated as comments and do not affect ignore patterns - Paths are relative to the current working directory
- Lines preceded by
!
are negated patterns that re-include a pattern that was ignored by an earlier pattern. - Ignore patterns behave according to the
.gitignore
specification.
Of particular note is that like .gitignore
files, all paths used as patterns for .secretlintignore
must use forward slashes as their path separators.
# Valid - use \
/config/*.pem
# Invalid
\config\*.pem
Please see .gitignore
's specification for further examples of valid syntax.
Currently, secretlint ignore following file by default:
[
"**/.git/**",
"**/node_modules/**",
"**/.secretlintrc/**",
"**/.secretlintrc.{json,yaml,yml,js}/**",
"**/.secretlintignore*/**"
]
You can use specif file as ignoring configuration.
you can specify it on the command line using the --secretlintignore
option.
For example, you can use .gitignore
file because it has the same format:
secretlint --secretlintignore .gitignore "**/*"
@secretlint/secretlint-rule-filter-comments support ignoring comment like secretlint-disable
.
Install with npm:
npm install @secretlint/secretlint-rule-filter-comments
And setting to .secretlintrc.json
:
{
"rules": [
{
"id": "@secretlint/secretlint-rule-filter-comments"
}
]
}
@secretlint/secretlint-rule-preset-recommend includes @secretlint/secretlint-rule-filter-comments.
If you have used @secretlint/secretlint-rule-preset-recommend, you not need to setup @secretlint/secretlint-rule-filter-comments
.
{
"rules": [
{
"id": "@secretlint/secretlint-rule-preset-recommend"
}
]
}
secretlint-disable
disablesecretlint-enable
: enable againsecretlint-disable-line
: ignore current linesecretlint-disable-next-line
: ignore next line
To temporarily disable rule warnings in your file, use block comments in the following format:
You can replace //
with any characters like #
or /*
etc...
@secretlint/secretlint-rule-filter-comments
only look up /(?<type>secretlint-(?:disable-next-line|disable-line|disable|enable))(?<options>.*)/g
pattern.
// secretlint-disable
THIS IS IGNORED SECRET
// secretlint-enable
THIS WILL REPORTED SECRET
You can also disable or enable warnings for specific rules:
/* secretlint-disable @secretlint/secretlint-rule-github */
const TOKEN = "ghs-<github token>";
/* secretlint-enable @secretlint/secretlint-rule-github */
To disable rule warnings in an entire file, put a /* secretlint-disable */
block comment at the top of the file.
Of course, you can use .secretlintignore instead of it.
// secretlint-disable
.... all ignored ....
You can also disable or enable specific rules for an entire file:
// secretlint-disable @secretlint/secretlint-rule-github
GITHUB TOKEN WILL NOT DETECT!
To disable all rules on a specific line using secretlint-disable-line
:
THIS IS SECRET BUT IT WILL BE IGNORED // secretlint-disable-line
To disable all rules on a next line using secretlint-disable-nextline
:
// secretlint-disable-next-line
THIS IS SECRET BUT IT WILL BE IGNORED
All disable/enable syntax can include comment using -- comment
.
// secretlint-disable @secretlint/secretlint-rule-github -- disable github rule