secret-shield icon indicating copy to clipboard operation
secret-shield copied to clipboard
verified publisher icon mapbox

shield npm publish?

Open andrewharvey opened this issue 7 years ago • 3 comments

Are you likely to extend this to npm publish?

I'm embarrassed to admit I've accidentally leaked secret keys through npm not realising npm publish takes the whole directory including files not staged!

andrewharvey avatar Aug 30 '18 10:08 andrewharvey

Hey @andrewharvey ! Thanks for the question. What about adding a secret-shield run to prepublish or prepublishOnly scripts in your package.json ? That should cancel the publish if secret-shield finds anything. Is the ask here to automate the setup of that via the binary?

agius avatar Sep 04 '18 19:09 agius

Oh that's true, that approach should work well, thanks.

andrewharvey avatar Sep 05 '18 06:09 andrewharvey

Opening for adding to documentation.

elfakyn avatar Sep 06 '18 23:09 elfakyn