Invalid detection of a sample octokit token #114327
Unanswered
peckjon asked this question in Code Security
Replies: 0 comments
Select Topic Area: Bug
Body
The package octokit/auth-token@2.4.0 contains a code sample in its README containing this (presumably invalid) token:
v1.d3d433526f780fbcc3129004e2731b3904ad0b86
Secret Scanning detects this as a "Possibly active secret".
Breadth of impact: anyone using octokit/auth-token@2.4.0 (legacy, but still present in the world)
Suggested fix: globally allow-list v1.d3d433526f780fbcc3129004e2731b3904ad0b86