{"library":"secretlint","title":"Secretlint CLI for Secret Detection","description":"Secretlint is a powerful CLI tool designed for scanning codebases to detect and prevent the leakage of sensitive data like API keys, credentials, and private information. The current stable version is 12.2.0, with minor and patch releases occurring frequently, and major versions introducing breaking changes like Node.js engine requirements. It offers a highly extensible architecture through pluggable rules and presets (e.g., `@secretlint/secretlint-rule-preset-recommend`), supporting various file formats and offering multiple output formatters including `stylish`, `mask-result`, and `github` annotations. Key differentiators include its focus on precise secret detection, a flexible configuration system using `.secretlintrc` files, and the ability to mask secrets in output, making it suitable for CI/CD pipelines and pre-commit hooks.","language":"javascript","status":"active","last_verified":"Wed Apr 22","install":{"commands":["npm install secretlint"],"cli":{"name":"secretlint","version":null}},"imports":["import { run } from 'secretlint';","import { SecretlintCoreResult } from 'secretlint';","import { loadConfig } from 'secretlint';","import { SecretlintCLIOptions } from 'secretlint';"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import { run } from 'secretlint';\nimport * as fs from 'node:fs/promises';\nimport * as path from 'node:path';\n\nconst tempDir = path.join(process.cwd(), '.secretlint-temp');\nconst tempFile = path.join(tempDir, 'example.js');\nconst configFile = path.join(tempDir, '.secretlintrc.json');\n\nasync function quickstart() {\n  await fs.mkdir(tempDir, { recursive: true });\n  await fs.writeFile(tempFile, 'const secretKey = \"sk_live_YOUR_SECRET_KEY_123\";');\n  await fs.writeFile(configFile, JSON.stringify({\n    \"rules\": [\n      {\n        \"id\": \"@secretlint/secretlint-rule-preset-recommend\",\n        \"rule\": \"@secretlint/secretlint-rule-preset-recommend\"\n      }\n    ]\n  }, null, 2));\n\n  try {\n    console.log('Running secretlint CLI via npx:');\n    // Using child_process for CLI demo, or `run` for programmatic\n    const { execa } = await import('execa'); // Using dynamic import for execa\n    const cliResult = await execa('npx', [\n      'secretlint',\n      tempFile,\n      '--secretlintrc', configFile,\n      '--format=stylish'\n    ], { reject: false, cwd: tempDir });\n    console.log(cliResult.stdout);\n    if (cliResult.exitCode === 1) {\n      console.log('CLI detected secrets and exited with code 1.');\n    } else {\n      console.log('CLI finished, no secrets detected or --output was used.');\n    }\n\n    console.log('\\nRunning secretlint programmatically with `run` function:');\n    const programmaticResult = await run([tempFile], {\n      cwd: tempDir,\n      secretlintrc: configFile,\n      format: 'mask-result'\n    });\n    console.log(programmaticResult.output);\n\n    if (programmaticResult.ok === false) {\n      console.log('Programmatic run detected secrets.');\n    } else {\n      console.log('Programmatic run finished, no secrets detected.');\n    }\n\n  } catch (error) {\n    console.error('An error occurred:', error);\n  } finally {\n    await fs.rm(tempDir, { recursive: true, force: true });\n  }\n}\n\nquickstart();","lang":"typescript","description":"Demonstrates initializing a basic `.secretlintrc.json` and then running `secretlint` both via the command line (using `npx`) and programmatically using the `run` function, showing secret detection and output masking.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}