Skip to content

Commit 58aa5a0

Browse files
DazixDazix
committed
feat(plugin-npm): support any length of npm token e.g. gitlab token
1 parent 9f3ddd4 commit 58aa5a0

File tree

2 files changed

+3
-1
lines changed

2 files changed

+3
-1
lines changed

detect_secrets/plugins/npm.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,5 +13,5 @@ class NpmDetector(RegexBasedDetector):
1313
denylist = [
1414
# npmrc authToken
1515
# ref. https://stackoverflow.com/questions/53099434/using-auth-tokens-in-npmrc
16-
re.compile(r'\/\/.+\/:_authToken=\s*((npm_.+)|([A-Fa-f0-9-]{36})).*'),
16+
re.compile(r'\/\/.+\/:_authToken=\s*(?!\$\{[A-Z_]+\})((npm_.+)|\S+).*'),
1717
]

tests/plugins/npm_test.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@ class TestNpmDetector:
1818
('_authToken=743b294a-cd03-11ec-9d64-0242ac120002', False),
1919
('foo', False),
2020
('//registry.npmjs.org/:_authToken=${NPM_TOKEN}', False),
21+
('//gitlab.com/api/v4/projects/1347/packages/npm/:_authToken=glpat-a8r3xUFrtP-isd1DLK_r', True),
22+
('//gitlab.com/api/v4/projects/1347/packages/npm/:_authToken=${CI_JOB_TOKEN}', False),
2123
],
2224
)
2325
def test_analyze(self, payload, should_flag):

0 commit comments

Comments
 (0)