From af23e36adef088f75f375244482682e4d8d46469 Mon Sep 17 00:00:00 2001 From: Niklas Haug Date: Thu, 2 Apr 2026 16:17:51 +0200 Subject: [PATCH 01/12] init secretlint with default settings --- .secretlintrc.json | 7 + package-lock.json | 788 ++++++++++++++++++++++++++++++++++++++++++++- package.json | 2 + 3 files changed, 784 insertions(+), 13 deletions(-) create mode 100644 .secretlintrc.json diff --git a/.secretlintrc.json b/.secretlintrc.json new file mode 100644 index 0000000..7a1a5df --- /dev/null +++ b/.secretlintrc.json @@ -0,0 +1,7 @@ +{ + "rules": [ + { + "id": "@secretlint/secretlint-rule-preset-recommend" + } + ] +} diff --git a/package-lock.json b/package-lock.json index f5f0fe2..59c44bf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,6 +13,7 @@ }, "devDependencies": { "@peerigon/configs": "^15.3.0", + "@secretlint/secretlint-rule-preset-recommend": "^11.4.1", "@types/node": "^25.5.0", "@vitest/coverage-v8": "^4.1.2", "eslint": "^9.39.2", @@ -21,6 +22,7 @@ "npm-run-all2": "^8.0.4", "pin-github-action": "^3.4.0", "prettier": "^3.8.1", + "secretlint": "^11.4.1", "typescript": "^5.9.3", "typescript-language-server": "^5.1.3", "vitest": "^4.1.2" @@ -80,6 +82,23 @@ "license": "MIT", "peer": true }, + "node_modules/@azu/format-text": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/@azu/format-text/-/format-text-1.0.2.tgz", + "integrity": "sha512-Swi4N7Edy1Eqq82GxgEECXSSLyn6GOb5htRFPzBDdUkECGXtlf12ynO5oJSpWKPwCaUssOu7NfhDcCWpIC6Ywg==", + "dev": true, + "license": "BSD-3-Clause" + }, + "node_modules/@azu/style-format": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@azu/style-format/-/style-format-1.0.1.tgz", + "integrity": "sha512-AHcTojlNBdD/3/KxIKlg8sxIWHfOtQszLvOpagLTO+bjC3u7SAszu1lf//u7JJC50aUSH+BVWDD/KvaA6Gfn5g==", + "dev": true, + "license": "WTFPL", + "dependencies": { + "@azu/format-text": "^1.0.1" + } + }, "node_modules/@babel/code-frame": { "version": "7.29.0", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz", @@ -1837,6 +1856,181 @@ "dev": true, "license": "MIT" }, + "node_modules/@secretlint/config-creator": { + "version": "11.4.1", + "resolved": "https://registry.npmjs.org/@secretlint/config-creator/-/config-creator-11.4.1.tgz", + "integrity": "sha512-gWFJvjIrSd1LW0Su8eaVeo4mKEoxNoTVkVm1a9krJWeIDXG6iJ0/Hwp7d6TqDxCmwjEZQ80d/PH2TzU144bpVA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@secretlint/types": "11.4.1" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@secretlint/config-loader": { + "version": "11.4.1", + "resolved": "https://registry.npmjs.org/@secretlint/config-loader/-/config-loader-11.4.1.tgz", + "integrity": "sha512-x91BCLX8Q2qdQvAIt2uUJx/W3mX82p5mW7tldG8di6vYGWxg5MjXSfcSpPhSRdjJJysl770RnOn1+OEJttAjxA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@secretlint/profiler": "11.4.1", + "@secretlint/resolver": "11.4.1", + "@secretlint/types": "11.4.1", + "ajv": "^8.18.0", + "debug": "^4.4.3", + "rc-config-loader": "^4.1.4" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@secretlint/config-loader/node_modules/ajv": { + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.18.0.tgz", + "integrity": "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A==", + "dev": true, + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/@secretlint/config-loader/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true, + "license": "MIT" + }, + "node_modules/@secretlint/core": { + "version": "11.4.1", + "resolved": "https://registry.npmjs.org/@secretlint/core/-/core-11.4.1.tgz", + "integrity": "sha512-pGFyG0tF1Yp51NnbJrCACqYZSYZ0CZniGn0UYT/s9BNjXQ2wkd6qi9dlPeg6tedaICTQD1IByhyM02emvolO0Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@secretlint/profiler": "11.4.1", + "@secretlint/types": "11.4.1", + "debug": "^4.4.3", + "structured-source": "^4.0.0" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@secretlint/formatter": { + "version": "11.4.1", + "resolved": "https://registry.npmjs.org/@secretlint/formatter/-/formatter-11.4.1.tgz", + "integrity": "sha512-0XWJkWEWZnva3l3cmkRQy+aH6JNqXJ9KqciQQhYYqmvN37gz0vIuXAmJ1V+NrgZPe3b6hpwWAKiJtKXBR57n7w==", + "dev": true, + "license": "MIT", + "dependencies": { + "@secretlint/resolver": "11.4.1", + "@secretlint/types": "11.4.1", + "@textlint/linter-formatter": "^15.5.2", + "@textlint/module-interop": "^15.5.2", + "@textlint/types": "^15.5.2", + "chalk": "^5.6.2", + "debug": "^4.4.3", + "pluralize": "^8.0.0", + "strip-ansi": "^7.2.0", + "table": "^6.9.0", + "terminal-link": "^4.0.0" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@secretlint/formatter/node_modules/chalk": { + "version": "5.6.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.6.2.tgz", + "integrity": "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^12.17.0 || ^14.13 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/@secretlint/node": { + "version": "11.4.1", + "resolved": "https://registry.npmjs.org/@secretlint/node/-/node-11.4.1.tgz", + "integrity": "sha512-Vz7sAt+6Zse6dnT8MsCD8RBqpvzepP3uaft0iN6BHQBia8akzyKhW16VrHQOykB4pfRoFHH8ZJfxoRw52HdS3A==", + "dev": true, + "license": "MIT", + "dependencies": { + "@secretlint/config-loader": "11.4.1", + "@secretlint/core": "11.4.1", + "@secretlint/formatter": "11.4.1", + "@secretlint/profiler": "11.4.1", + "@secretlint/source-creator": "11.4.1", + "@secretlint/types": "11.4.1", + "debug": "^4.4.3", + "p-map": "^7.0.4" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@secretlint/profiler": { + "version": "11.4.1", + "resolved": "https://registry.npmjs.org/@secretlint/profiler/-/profiler-11.4.1.tgz", + "integrity": "sha512-mMzPUnZ2+arX8PYCwKU1ouCHzVUIZiNWPtzyyguL0Oc7dokyk8u7QA4IwAl8DMm04GN3jntL2E+1CBVN7z3crg==", + "dev": true, + "license": "MIT" + }, + "node_modules/@secretlint/resolver": { + "version": "11.4.1", + "resolved": "https://registry.npmjs.org/@secretlint/resolver/-/resolver-11.4.1.tgz", + "integrity": "sha512-SIakIOk99/XvSl8FyZHkGw3TDBdOPEtC1PDFLbLBmx2SXFKyIiDFY+i8sYBDyK08EKEML7QHUDuGeDzFoEHkIA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@secretlint/secretlint-rule-preset-recommend": { + "version": "11.4.1", + "resolved": "https://registry.npmjs.org/@secretlint/secretlint-rule-preset-recommend/-/secretlint-rule-preset-recommend-11.4.1.tgz", + "integrity": "sha512-htejVuXSTVOlhZhJ9XqdKXBtWTuL+EbG2LdQQk0pfQFJfZLpeNUTjI8fE9ZCuFejuUJiGv1jUi1/rqT64M0Dvg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@secretlint/source-creator": { + "version": "11.4.1", + "resolved": "https://registry.npmjs.org/@secretlint/source-creator/-/source-creator-11.4.1.tgz", + "integrity": "sha512-Q6k6sQmYy7whNl0qfqetfinYKC2TYjG501qw96iMfkdBwrGeqlajFWsGLcaLHQlAVldRMHCEmlyw2m4I7uwJ/Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@secretlint/types": "11.4.1", + "istextorbinary": "^9.5.0" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@secretlint/types": { + "version": "11.4.1", + "resolved": "https://registry.npmjs.org/@secretlint/types/-/types-11.4.1.tgz", + "integrity": "sha512-30jPadVKENeyZKNT7MCO0jTKAYQcWV6TIIccqHx874rBlzU/mBiTnGZdLSflFGECttscgqtozPKawM0fjBwDEg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=20.0.0" + } + }, "node_modules/@semantic-release/commit-analyzer": { "version": "13.0.1", "resolved": "https://registry.npmjs.org/@semantic-release/commit-analyzer/-/commit-analyzer-13.0.1.tgz", @@ -2479,6 +2673,122 @@ } } }, + "node_modules/@textlint/ast-node-types": { + "version": "15.5.2", + "resolved": "https://registry.npmjs.org/@textlint/ast-node-types/-/ast-node-types-15.5.2.tgz", + "integrity": "sha512-fCaOxoup5LIyBEo7R1oYWE7V4bSX0KQeHh66twon9e9usaLE3ijgF8QjYsR6joCssdeCHVd0wHm7ppsEyTr6vg==", + "dev": true, + "license": "MIT" + }, + "node_modules/@textlint/linter-formatter": { + "version": "15.5.2", + "resolved": "https://registry.npmjs.org/@textlint/linter-formatter/-/linter-formatter-15.5.2.tgz", + "integrity": "sha512-jAw7jWM8+wU9cG6Uu31jGyD1B+PAVePCvnPKC/oov+2iBPKk3ao30zc/Itmi7FvXo4oPaL9PmzPPQhyniPVgVg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@azu/format-text": "^1.0.2", + "@azu/style-format": "^1.0.1", + "@textlint/module-interop": "15.5.2", + "@textlint/resolver": "15.5.2", + "@textlint/types": "15.5.2", + "chalk": "^4.1.2", + "debug": "^4.4.3", + "js-yaml": "^4.1.1", + "lodash": "^4.17.23", + "pluralize": "^2.0.0", + "string-width": "^4.2.3", + "strip-ansi": "^6.0.1", + "table": "^6.9.0", + "text-table": "^0.2.0" + } + }, + "node_modules/@textlint/linter-formatter/node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/@textlint/linter-formatter/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true, + "license": "MIT" + }, + "node_modules/@textlint/linter-formatter/node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/@textlint/linter-formatter/node_modules/pluralize": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-2.0.0.tgz", + "integrity": "sha512-TqNZzQCD4S42De9IfnnBvILN7HAW7riLqsCyp8lgjXeysyPlX5HhqKAcJHHHb9XskE4/a+7VGC9zzx8Ls0jOAw==", + "dev": true, + "license": "MIT" + }, + "node_modules/@textlint/linter-formatter/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@textlint/linter-formatter/node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "license": "MIT", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@textlint/module-interop": { + "version": "15.5.2", + "resolved": "https://registry.npmjs.org/@textlint/module-interop/-/module-interop-15.5.2.tgz", + "integrity": "sha512-mg6rMQ3+YjwiXCYoQXbyVfDucpTa1q5mhspd/9qHBxUq4uY6W8GU42rmT3GW0V1yOfQ9z/iRrgPtkp71s8JzXg==", + "dev": true, + "license": "MIT" + }, + "node_modules/@textlint/resolver": { + "version": "15.5.2", + "resolved": "https://registry.npmjs.org/@textlint/resolver/-/resolver-15.5.2.tgz", + "integrity": "sha512-YEITdjRiJaQrGLUWxWXl4TEg+d2C7+TNNjbGPHPH7V7CCnXm+S9GTjGAL7Q2WSGJyFEKt88Jvx6XdJffRv4HEA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@textlint/types": { + "version": "15.5.2", + "resolved": "https://registry.npmjs.org/@textlint/types/-/types-15.5.2.tgz", + "integrity": "sha512-sJOrlVLLXp4/EZtiWKWq9y2fWyZlI8GP+24rnU5avtPWBIMm/1w97yzKrAqYF8czx2MqR391z5akhnfhj2f/AQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@textlint/ast-node-types": "15.5.2" + } + }, "node_modules/@tybys/wasm-util": { "version": "0.10.1", "resolved": "https://registry.npmjs.org/@tybys/wasm-util/-/wasm-util-0.10.1.tgz", @@ -2581,8 +2891,7 @@ "resolved": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", "integrity": "sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==", "dev": true, - "license": "MIT", - "peer": true + "license": "MIT" }, "node_modules/@types/unist": { "version": "3.0.3", @@ -3334,6 +3643,16 @@ "dev": true, "license": "MIT" }, + "node_modules/astral-regex": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "integrity": "sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, "node_modules/async-function": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/async-function/-/async-function-1.0.0.tgz", @@ -3417,6 +3736,22 @@ "dev": true, "license": "MIT" }, + "node_modules/binaryextensions": { + "version": "6.11.0", + "resolved": "https://registry.npmjs.org/binaryextensions/-/binaryextensions-6.11.0.tgz", + "integrity": "sha512-sXnYK/Ij80TO3lcqZVV2YgfKN5QjUWIRk/XSm2J/4bd/lPko3lvk0O4ZppH6m+6hB2/GTu+ptNwVFe1xh+QLQw==", + "dev": true, + "license": "Artistic-2.0", + "dependencies": { + "editions": "^6.21.0" + }, + "engines": { + "node": ">=4" + }, + "funding": { + "url": "https://bevry.me/fund" + } + }, "node_modules/birecord": { "version": "0.1.1", "resolved": "https://registry.npmjs.org/birecord/-/birecord-0.1.1.tgz", @@ -3432,6 +3767,13 @@ "license": "MIT", "peer": true }, + "node_modules/boundary": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/boundary/-/boundary-2.0.0.tgz", + "integrity": "sha512-rJKn5ooC9u8q13IMCrW0RSp31pxBCHE3y9V/tp3TdWSLf8Em3p6Di4NBpfzbJge9YjjFEsD0RtFEjtvHL5VyEA==", + "dev": true, + "license": "BSD-2-Clause" + }, "node_modules/brace-expansion": { "version": "5.0.5", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz", @@ -4571,6 +4913,23 @@ "readable-stream": "^2.0.2" } }, + "node_modules/editions": { + "version": "6.22.0", + "resolved": "https://registry.npmjs.org/editions/-/editions-6.22.0.tgz", + "integrity": "sha512-UgGlf8IW75je7HZjNDpJdCv4cGJWIi6yumFdZ0R7A8/CIhQiWUjyGLCxdHpd8bmyD1gnkfUNK0oeOXqUS2cpfQ==", + "dev": true, + "license": "Artistic-2.0", + "dependencies": { + "version-range": "^4.15.0" + }, + "engines": { + "ecmascript": ">= es5", + "node": ">=4" + }, + "funding": { + "url": "https://bevry.me/fund" + } + }, "node_modules/electron-to-chromium": { "version": "1.5.328", "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.328.tgz", @@ -5795,6 +6154,23 @@ "dev": true, "license": "MIT" }, + "node_modules/fast-uri": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", + "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fastify" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fastify" + } + ], + "license": "BSD-3-Clause" + }, "node_modules/fastq": { "version": "1.20.1", "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.20.1.tgz", @@ -6229,10 +6605,67 @@ "gopd": "^1.0.1" }, "engines": { - "node": ">= 0.4" + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/globby": { + "version": "14.1.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-14.1.0.tgz", + "integrity": "sha512-0Ia46fDOaT7k4og1PDW4YbodWWr3scS2vAr2lTbsplOt2WkKp0vQbkI9wKis/T5LV/dqPjO3bpS/z6GTJB82LA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@sindresorhus/merge-streams": "^2.1.0", + "fast-glob": "^3.3.3", + "ignore": "^7.0.3", + "path-type": "^6.0.0", + "slash": "^5.1.0", + "unicorn-magic": "^0.3.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/globby/node_modules/@sindresorhus/merge-streams": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/merge-streams/-/merge-streams-2.3.0.tgz", + "integrity": "sha512-LtoMMhxAlorcGhmFYI+LhPgbPZCkgP6ra1YL604EeF6U98pLlQ3iWIGMdWSC+vWmPBWBNgmDBAhnAobLROJmwg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/globby/node_modules/ignore": { + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz", + "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/globby/node_modules/path-type": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/path-type/-/path-type-6.0.0.tgz", + "integrity": "sha512-Vj7sf++t5pBD637NSfkxpHSMfWaeig5+DKWLhcqIYx6mWQz5hdJTGDVMQiJcw1ZYkhs7AazKDGpRVji1LJCZUQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" }, "funding": { - "url": "https://github.com/sponsors/ljharb" + "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/gopd": { @@ -7208,6 +7641,24 @@ "node": ">=8" } }, + "node_modules/istextorbinary": { + "version": "9.5.0", + "resolved": "https://registry.npmjs.org/istextorbinary/-/istextorbinary-9.5.0.tgz", + "integrity": "sha512-5mbUj3SiZXCuRf9fT3ibzbSSEWiy63gFfksmGfdOzujPjW3k+z8WvIBxcJHBoQNlaZaiyB25deviif2+osLmLw==", + "dev": true, + "license": "Artistic-2.0", + "dependencies": { + "binaryextensions": "^6.11.0", + "editions": "^6.21.0", + "textextensions": "^6.11.0" + }, + "engines": { + "node": ">=4" + }, + "funding": { + "url": "https://bevry.me/fund" + } + }, "node_modules/iterator.prototype": { "version": "1.1.5", "resolved": "https://registry.npmjs.org/iterator.prototype/-/iterator.prototype-1.1.5.tgz", @@ -7777,6 +8228,13 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/lodash": { + "version": "4.17.23", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz", + "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==", + "dev": true, + "license": "MIT" + }, "node_modules/lodash-es": { "version": "4.17.23", "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.23.tgz", @@ -7823,6 +8281,13 @@ "dev": true, "license": "MIT" }, + "node_modules/lodash.truncate": { + "version": "4.4.2", + "resolved": "https://registry.npmjs.org/lodash.truncate/-/lodash.truncate-4.4.2.tgz", + "integrity": "sha512-jttmRe7bRse52OsWIMDLaXxWqRAmtIUccAQ3garviCqJjafXOfNMO0yMfNpdD6zbGaTU0P5Nz7e7gAT6cKmJRw==", + "dev": true, + "license": "MIT" + }, "node_modules/lodash.uniqby": { "version": "4.7.0", "resolved": "https://registry.npmjs.org/lodash.uniqby/-/lodash.uniqby-4.7.0.tgz", @@ -11319,7 +11784,6 @@ "integrity": "sha512-tkAQEw8ysMzmkhgw8k+1U/iPhWNhykKnSk4Rd5zLoPJCuJaGRPo6YposrZgaxHKzDHdDWWZvE/Sk7hsL2X/CpQ==", "dev": true, "license": "MIT", - "peer": true, "engines": { "node": ">=18" }, @@ -11991,6 +12455,19 @@ "rc": "cli.js" } }, + "node_modules/rc-config-loader": { + "version": "4.1.4", + "resolved": "https://registry.npmjs.org/rc-config-loader/-/rc-config-loader-4.1.4.tgz", + "integrity": "sha512-3GiwEzklkbXTDp52UR5nT8iXgYAx1V9ZG/kDZT7p60u2GCv2XTwQq4NzinMoMpNtXhmt3WkhYXcj6HH8HdwCEQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "debug": "^4.4.3", + "js-yaml": "^4.1.1", + "json5": "^2.2.3", + "require-from-string": "^2.0.2" + } + }, "node_modules/rc/node_modules/strip-json-comments": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz", @@ -12228,6 +12705,16 @@ "node": ">=0.10.0" } }, + "node_modules/require-from-string": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/resolve": { "version": "2.0.0-next.6", "resolved": "https://registry.npmjs.org/resolve/-/resolve-2.0.0-next.6.tgz", @@ -12428,6 +12915,97 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/secretlint": { + "version": "11.4.1", + "resolved": "https://registry.npmjs.org/secretlint/-/secretlint-11.4.1.tgz", + "integrity": "sha512-G3ESOL10gASIYOh9z60JdCCCnocy6TpjtFnYvzKkipX5Oh6fH/hHhQcI/Cu36+8jUvPBeREg9pl5T0e6YPf3iw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@secretlint/config-creator": "11.4.1", + "@secretlint/formatter": "11.4.1", + "@secretlint/node": "11.4.1", + "@secretlint/profiler": "11.4.1", + "@secretlint/resolver": "11.4.1", + "debug": "^4.4.3", + "globby": "^14.1.0", + "read-pkg": "^9.0.1" + }, + "bin": { + "secretlint": "bin/secretlint.js" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/secretlint/node_modules/hosted-git-info": { + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-7.0.2.tgz", + "integrity": "sha512-puUZAUKT5m8Zzvs72XWy3HtvVbTWljRE66cP60bxJzAqf2DgICo7lYTY2IHUmLnNpjYvw5bvmoHvPc0QO2a62w==", + "dev": true, + "license": "ISC", + "dependencies": { + "lru-cache": "^10.0.1" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } + }, + "node_modules/secretlint/node_modules/lru-cache": { + "version": "10.4.3", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", + "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==", + "dev": true, + "license": "ISC" + }, + "node_modules/secretlint/node_modules/normalize-package-data": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-6.0.2.tgz", + "integrity": "sha512-V6gygoYb/5EmNI+MEGrWkC+e6+Rr7mTmfHrxDbLzxQogBkgzo76rkok0Am6thgSF7Mv2nLOajAJj5vDJZEFn7g==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "hosted-git-info": "^7.0.0", + "semver": "^7.3.5", + "validate-npm-package-license": "^3.0.4" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } + }, + "node_modules/secretlint/node_modules/read-pkg": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-9.0.1.tgz", + "integrity": "sha512-9viLL4/n1BJUCT1NXVTdS1jtm80yDEgR5T4yCelII49Mbj0v1rZdKqj7zCiYdbB0CuCgdrvHcNogAKTFPBocFA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/normalize-package-data": "^2.4.3", + "normalize-package-data": "^6.0.0", + "parse-json": "^8.0.0", + "type-fest": "^4.6.0", + "unicorn-magic": "^0.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/secretlint/node_modules/unicorn-magic": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/unicorn-magic/-/unicorn-magic-0.1.0.tgz", + "integrity": "sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/semantic-release": { "version": "25.0.3", "resolved": "https://registry.npmjs.org/semantic-release/-/semantic-release-25.0.3.tgz", @@ -12907,6 +13485,19 @@ "node": ">=8" } }, + "node_modules/slash": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-5.1.0.tgz", + "integrity": "sha512-ZA6oR3T/pEyuqwMgAKT0/hAv8oAXckzbkmR0UkUosQ+Mc4RxGoJkRmwHgHufaenlyAgE1Mxgpdcrf75y6XcnDg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/slice-ansi": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-8.0.0.tgz", @@ -13001,7 +13592,6 @@ "integrity": "sha512-kN9dJbvnySHULIluDHy32WHRUu3Og7B9sbY7tsFLctQkIqnMh3hErYgdMjTYuqmcXX+lK5T1lnUt3G7zNswmZA==", "dev": true, "license": "Apache-2.0", - "peer": true, "dependencies": { "spdx-expression-parse": "^3.0.0", "spdx-license-ids": "^3.0.0" @@ -13012,8 +13602,7 @@ "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", "integrity": "sha512-PiU42r+xO4UbUS1buo3LPJkjlO7430Xn5SVAhdpzzsPHsjbYVflnnFdATgabnLude+Cqu25p6N+g2lw/PFsa4w==", "dev": true, - "license": "CC-BY-3.0", - "peer": true + "license": "CC-BY-3.0" }, "node_modules/spdx-expression-parse": { "version": "3.0.1", @@ -13021,7 +13610,6 @@ "integrity": "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "spdx-exceptions": "^2.1.0", "spdx-license-ids": "^3.0.0" @@ -13032,8 +13620,7 @@ "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.23.tgz", "integrity": "sha512-CWLcCCH7VLu13TgOH+r8p1O/Znwhqv/dbb6lqWy67G+pT1kHmeD/+V36AVb/vq8QMIQwVShJ6Ssl5FPh0fuSdw==", "dev": true, - "license": "CC0-1.0", - "peer": true + "license": "CC0-1.0" }, "node_modules/split2": { "version": "1.0.0", @@ -13310,6 +13897,16 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/structured-source": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/structured-source/-/structured-source-4.0.0.tgz", + "integrity": "sha512-qGzRFNJDjFieQkl/sVOI2dUjHKRyL9dAJi2gCPGJLbJHBIkyOHxjuocpIEfbLioX+qSJpvbYdT49/YCdMznKxA==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "boundary": "^2.0.0" + } + }, "node_modules/super-regex": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/super-regex/-/super-regex-1.1.0.tgz", @@ -13348,7 +13945,6 @@ "integrity": "sha512-zFObLMyZeEwzAoKCyu1B91U79K2t7ApXuQfo8OuxwXLDgcKxuwM+YvcbIhm6QWqz7mHUH1TVytR1PwVVjEuMig==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "has-flag": "^4.0.0", "supports-color": "^7.0.0" @@ -13373,6 +13969,120 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/table": { + "version": "6.9.0", + "resolved": "https://registry.npmjs.org/table/-/table-6.9.0.tgz", + "integrity": "sha512-9kY+CygyYM6j02t5YFHbNz2FN5QmYGv9zAjVp4lCDjlCw7amdckXlEt/bjMhUIfj4ThGRE4gCUH5+yGnNuPo5A==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "ajv": "^8.0.1", + "lodash.truncate": "^4.4.2", + "slice-ansi": "^4.0.0", + "string-width": "^4.2.3", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/table/node_modules/ajv": { + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.18.0.tgz", + "integrity": "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A==", + "dev": true, + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/table/node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/table/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true, + "license": "MIT" + }, + "node_modules/table/node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/table/node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true, + "license": "MIT" + }, + "node_modules/table/node_modules/slice-ansi": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "integrity": "sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.0.0", + "astral-regex": "^2.0.0", + "is-fullwidth-code-point": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/slice-ansi?sponsor=1" + } + }, + "node_modules/table/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/table/node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "license": "MIT", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/tagged-tag": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/tagged-tag/-/tagged-tag-1.0.0.tgz", @@ -13446,6 +14156,46 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/terminal-link": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/terminal-link/-/terminal-link-4.0.0.tgz", + "integrity": "sha512-lk+vH+MccxNqgVqSnkMVKx4VLJfnLjDBGzH16JVZjKE2DoxP57s6/vt6JmXV5I3jBcfGrxNrYtC+mPtU7WJztA==", + "dev": true, + "license": "MIT", + "dependencies": { + "ansi-escapes": "^7.0.0", + "supports-hyperlinks": "^3.2.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/text-table": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "integrity": "sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==", + "dev": true, + "license": "MIT" + }, + "node_modules/textextensions": { + "version": "6.11.0", + "resolved": "https://registry.npmjs.org/textextensions/-/textextensions-6.11.0.tgz", + "integrity": "sha512-tXJwSr9355kFJI3lbCkPpUH5cP8/M0GGy2xLO34aZCjMXBaK3SoPnZwr/oWmo1FdCnELcs4npdCIOFtq9W3ruQ==", + "dev": true, + "license": "Artistic-2.0", + "dependencies": { + "editions": "^6.21.0" + }, + "engines": { + "node": ">=4" + }, + "funding": { + "url": "https://bevry.me/fund" + } + }, "node_modules/thenify": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", @@ -13979,12 +14729,24 @@ "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==", "dev": true, "license": "Apache-2.0", - "peer": true, "dependencies": { "spdx-correct": "^3.0.0", "spdx-expression-parse": "^3.0.0" } }, + "node_modules/version-range": { + "version": "4.15.0", + "resolved": "https://registry.npmjs.org/version-range/-/version-range-4.15.0.tgz", + "integrity": "sha512-Ck0EJbAGxHwprkzFO966t4/5QkRuzh+/I1RxhLgUKKwEn+Cd8NwM60mE3AqBZg5gYODoXW0EFsQvbZjRlvdqbg==", + "dev": true, + "license": "Artistic-2.0", + "engines": { + "node": ">=4" + }, + "funding": { + "url": "https://bevry.me/fund" + } + }, "node_modules/vite": { "version": "8.0.3", "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.3.tgz", diff --git a/package.json b/package.json index 2323bdb..a52db4c 100644 --- a/package.json +++ b/package.json @@ -20,6 +20,7 @@ }, "devDependencies": { "@peerigon/configs": "^15.3.0", + "@secretlint/secretlint-rule-preset-recommend": "^11.4.1", "@types/node": "^25.5.0", "@vitest/coverage-v8": "^4.1.2", "eslint": "^9.39.2", @@ -28,6 +29,7 @@ "npm-run-all2": "^8.0.4", "pin-github-action": "^3.4.0", "prettier": "^3.8.1", + "secretlint": "^11.4.1", "typescript": "^5.9.3", "typescript-language-server": "^5.1.3", "vitest": "^4.1.2" From 918c0b15081b144d7c15f603b9cd64db09e57689 Mon Sep 17 00:00:00 2001 From: Niklas Haug Date: Thu, 2 Apr 2026 16:31:27 +0200 Subject: [PATCH 02/12] add secretlint to lint-staged config --- lint-staged.config.js | 1 + 1 file changed, 1 insertion(+) diff --git a/lint-staged.config.js b/lint-staged.config.js index 2b7364c..d396a67 100644 --- a/lint-staged.config.js +++ b/lint-staged.config.js @@ -1,4 +1,5 @@ export default { + "*": ["secretlint --no-glob"], "*.{js,jsx,ts,tsx,html,css,json,json5,md}": ["prettier --write"], "!(.github/workflows)/*.{yml,yaml}": ["prettier --write"], ".github/workflows/*.{yml,yaml}": [ From e150365226547aaecdae8cc402d9754abf09daca Mon Sep 17 00:00:00 2001 From: Niklas Haug Date: Thu, 2 Apr 2026 16:49:09 +0200 Subject: [PATCH 03/12] add secretlint workflow --- .github/workflows/secretlint.yml | 38 ++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/secretlint.yml diff --git a/.github/workflows/secretlint.yml b/.github/workflows/secretlint.yml new file mode 100644 index 0000000..57ad856 --- /dev/null +++ b/.github/workflows/secretlint.yml @@ -0,0 +1,38 @@ +name: Secretlint +on: [push, pull_request] +permissions: + contents: read +jobs: + test: + name: "Secretlint" + runs-on: ubuntu-latest + steps: + - name: 📥 Checkout repository + uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # main + + - name: 🟢 Setup Node.js + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # main + with: + node-version-file: ".tool-versions" + cache: "npm" + + - name: 🗄 Cache node_modules + id: cache-node_modules + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # main + with: + path: "**/node_modules" + key: node_modules-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} + + - name: 🗄 Cache .eslintcache + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # main + with: + path: .eslintcache + key: eslintcache-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} + + - name: 🔍 Install dependencies + if: steps.cache-node_modules.outputs.cache-hit != 'true' + run: | + npm ci --ignore-scripts --prefer-offline --no-audit + + - name: Lint with Secretlint + run: npx secretlint --format github "**/*" From b136132e1e1fbaa607b24d2988a9d65ae0c56184 Mon Sep 17 00:00:00 2001 From: Niklas Haug <54448642+niklashaug@users.noreply.github.com> Date: Tue, 14 Apr 2026 11:53:33 +0200 Subject: [PATCH 04/12] Apply suggestion from @Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/secretlint.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/secretlint.yml b/.github/workflows/secretlint.yml index 57ad856..e5872ad 100644 --- a/.github/workflows/secretlint.yml +++ b/.github/workflows/secretlint.yml @@ -1,5 +1,9 @@ name: Secretlint -on: [push, pull_request] +on: + push: + branches: + - main + pull_request: permissions: contents: read jobs: From cd02058a28fcb4a23a4d109516f138cb260cfb0f Mon Sep 17 00:00:00 2001 From: Niklas Haug Date: Tue, 14 Apr 2026 11:55:18 +0200 Subject: [PATCH 05/12] test: add fake GitHub token to trigger secretlint workflow --- .env | 1 + 1 file changed, 1 insertion(+) create mode 100644 .env diff --git a/.env b/.env new file mode 100644 index 0000000..7794e16 --- /dev/null +++ b/.env @@ -0,0 +1 @@ +GITHUB_TOKEN="ghp_1234567890abcdefghijklmnopqrstuvwxyzABCD" From 4d3cefb33b99e79443d457dc74424c20c9f6b1d6 Mon Sep 17 00:00:00 2001 From: Niklas Haug Date: Tue, 14 Apr 2026 11:57:25 +0200 Subject: [PATCH 06/12] Revert "test: add fake GitHub token to trigger secretlint workflow" This reverts commit cd02058a28fcb4a23a4d109516f138cb260cfb0f. --- .env | 1 - 1 file changed, 1 deletion(-) delete mode 100644 .env diff --git a/.env b/.env deleted file mode 100644 index 7794e16..0000000 --- a/.env +++ /dev/null @@ -1 +0,0 @@ -GITHUB_TOKEN="ghp_1234567890abcdefghijklmnopqrstuvwxyzABCD" From e9239fe21b35941efa07dce795dd7f30073dd415 Mon Sep 17 00:00:00 2001 From: Johannes Ewald Date: Thu, 23 Apr 2026 17:23:42 +0200 Subject: [PATCH 07/12] Refactor lint-secrets action --- .github/workflows/lint-secrets.yml | 38 +++++++++++++++++++++++++++ .github/workflows/secretlint.yml | 42 ------------------------------ 2 files changed, 38 insertions(+), 42 deletions(-) create mode 100644 .github/workflows/lint-secrets.yml delete mode 100644 .github/workflows/secretlint.yml diff --git a/.github/workflows/lint-secrets.yml b/.github/workflows/lint-secrets.yml new file mode 100644 index 0000000..b3eeeb5 --- /dev/null +++ b/.github/workflows/lint-secrets.yml @@ -0,0 +1,38 @@ +name: 🔍 Lint Secrets + +on: + push: + branches: + - main + - beta + pull_request: {} + workflow_dispatch: {} + +permissions: {} + +jobs: + lint-secrets: + name: 🔍 Lint Secrets + runs-on: ubuntu-latest + permissions: + contents: read + + steps: + - name: 📥 Checkout repository + uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # main + with: + persist-credentials: false + + - name: 🔍 Lint with Secretlint + shell: bash + run: | + set -euo pipefail + + secretlint_version="$(node -p "require('./package.json').devDependencies.secretlint")" + secretlint_version="${secretlint_version#^}" + secretlint_version="${secretlint_version#~}" + + docker run --rm --network none \ + -v "${PWD}:${PWD}" -w "${PWD}" \ + "secretlint/secretlint:${secretlint_version}" \ + secretlint --format github "**/*" diff --git a/.github/workflows/secretlint.yml b/.github/workflows/secretlint.yml deleted file mode 100644 index e5872ad..0000000 --- a/.github/workflows/secretlint.yml +++ /dev/null @@ -1,42 +0,0 @@ -name: Secretlint -on: - push: - branches: - - main - pull_request: -permissions: - contents: read -jobs: - test: - name: "Secretlint" - runs-on: ubuntu-latest - steps: - - name: 📥 Checkout repository - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # main - - - name: 🟢 Setup Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # main - with: - node-version-file: ".tool-versions" - cache: "npm" - - - name: 🗄 Cache node_modules - id: cache-node_modules - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # main - with: - path: "**/node_modules" - key: node_modules-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} - - - name: 🗄 Cache .eslintcache - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # main - with: - path: .eslintcache - key: eslintcache-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} - - - name: 🔍 Install dependencies - if: steps.cache-node_modules.outputs.cache-hit != 'true' - run: | - npm ci --ignore-scripts --prefer-offline --no-audit - - - name: Lint with Secretlint - run: npx secretlint --format github "**/*" From a70f7f0563461b01a6208cd2731dac2f5557ace3 Mon Sep 17 00:00:00 2001 From: Johannes Ewald Date: Thu, 23 Apr 2026 17:29:14 +0200 Subject: [PATCH 08/12] Fix docker version mismatch --- .github/workflows/lint-secrets.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/lint-secrets.yml b/.github/workflows/lint-secrets.yml index b3eeeb5..265275e 100644 --- a/.github/workflows/lint-secrets.yml +++ b/.github/workflows/lint-secrets.yml @@ -31,8 +31,9 @@ jobs: secretlint_version="$(node -p "require('./package.json').devDependencies.secretlint")" secretlint_version="${secretlint_version#^}" secretlint_version="${secretlint_version#~}" + secretlint_version="${secretlint_version#v}" docker run --rm --network none \ -v "${PWD}:${PWD}" -w "${PWD}" \ - "secretlint/secretlint:${secretlint_version}" \ + "secretlint/secretlint:v${secretlint_version}" \ secretlint --format github "**/*" From 71507b99a115b9f4d59a35038af88fd292cac494 Mon Sep 17 00:00:00 2001 From: Johannes Ewald Date: Thu, 23 Apr 2026 17:31:51 +0200 Subject: [PATCH 09/12] test: add secretlint trigger fixture --- secretlint-trigger.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 secretlint-trigger.txt diff --git a/secretlint-trigger.txt b/secretlint-trigger.txt new file mode 100644 index 0000000..43e2033 --- /dev/null +++ b/secretlint-trigger.txt @@ -0,0 +1,7 @@ +This file intentionally contains a dummy secret pattern for CI testing. + +# Dummy AWS Access Key ID (example) +AKIAIOSFODNN7EXAMPLE + +# Dummy AWS Secret Access Key (example) +wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY From c5eabfb25cf6b7da413ed7588f3dd65cfc9178d9 Mon Sep 17 00:00:00 2001 From: Johannes Ewald Date: Thu, 23 Apr 2026 17:33:54 +0200 Subject: [PATCH 10/12] test: adjust secretlint trigger Use a dummy private key header which should be flagged by the recommended ruleset. --- secretlint-trigger.txt | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/secretlint-trigger.txt b/secretlint-trigger.txt index 43e2033..5b56116 100644 --- a/secretlint-trigger.txt +++ b/secretlint-trigger.txt @@ -1,7 +1,6 @@ This file intentionally contains a dummy secret pattern for CI testing. -# Dummy AWS Access Key ID (example) -AKIAIOSFODNN7EXAMPLE - -# Dummy AWS Secret Access Key (example) -wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY +# Dummy private key header (non-functional) to trigger secretlint +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASC +-----END PRIVATE KEY----- From 10a8e186092636898f094d98ed91eeb795df2491 Mon Sep 17 00:00:00 2001 From: Johannes Ewald Date: Thu, 23 Apr 2026 17:37:21 +0200 Subject: [PATCH 11/12] test: add secretlint trigger fixture --- secretlint-trigger.txt | 6 ------ src/secretlint-trigger.txt | 10 ++++++++++ 2 files changed, 10 insertions(+), 6 deletions(-) delete mode 100644 secretlint-trigger.txt create mode 100644 src/secretlint-trigger.txt diff --git a/secretlint-trigger.txt b/secretlint-trigger.txt deleted file mode 100644 index 5b56116..0000000 --- a/secretlint-trigger.txt +++ /dev/null @@ -1,6 +0,0 @@ -This file intentionally contains a dummy secret pattern for CI testing. - -# Dummy private key header (non-functional) to trigger secretlint ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASC ------END PRIVATE KEY----- diff --git a/src/secretlint-trigger.txt b/src/secretlint-trigger.txt new file mode 100644 index 0000000..9a894a7 --- /dev/null +++ b/src/secretlint-trigger.txt @@ -0,0 +1,10 @@ +This file intentionally contains a dummy secret pattern for CI testing. + +# Dummy private key (non-functional) to trigger secretlint +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAzvD7WmJYkFQnJvHNEQy0Vyy3cB8Gq8o0iHjG0wW8mQhO2xwY +5qV0jY0d6eW6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m +z8QnKpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQp +f7y9xG9l4qM7cKj6jVwV2c0Q7m9y5P1eYq8xk0k2Qm4p7Kq3o5f0d3a9b6c2d1e0 +8wIDAQABAoIBAB1q9H7xYbGx+QH8w2wYx2v3lKqf7Y7s0o7GfK7t8x8m8y8z8A== +-----END RSA PRIVATE KEY----- From 65281ea970e7abe68c5f86c104e5162266f49c74 Mon Sep 17 00:00:00 2001 From: Johannes Ewald Date: Thu, 23 Apr 2026 17:40:41 +0200 Subject: [PATCH 12/12] Finalize --- .github/workflows/lint-github-actions.yml | 2 +- .github/workflows/lint-secrets.yml | 2 +- src/secretlint-trigger.txt | 10 ---------- 3 files changed, 2 insertions(+), 12 deletions(-) delete mode 100644 src/secretlint-trigger.txt diff --git a/.github/workflows/lint-github-actions.yml b/.github/workflows/lint-github-actions.yml index c303d43..ef75864 100644 --- a/.github/workflows/lint-github-actions.yml +++ b/.github/workflows/lint-github-actions.yml @@ -18,7 +18,7 @@ permissions: {} jobs: lint-github-actions: - name: 🌈 zizmor + name: 🔍 Lint GitHub Actions runs-on: ubuntu-latest permissions: contents: read diff --git a/.github/workflows/lint-secrets.yml b/.github/workflows/lint-secrets.yml index 265275e..790cf27 100644 --- a/.github/workflows/lint-secrets.yml +++ b/.github/workflows/lint-secrets.yml @@ -23,7 +23,7 @@ jobs: with: persist-credentials: false - - name: 🔍 Lint with Secretlint + - name: 🔍 Run secretlint shell: bash run: | set -euo pipefail diff --git a/src/secretlint-trigger.txt b/src/secretlint-trigger.txt deleted file mode 100644 index 9a894a7..0000000 --- a/src/secretlint-trigger.txt +++ /dev/null @@ -1,10 +0,0 @@ -This file intentionally contains a dummy secret pattern for CI testing. - -# Dummy private key (non-functional) to trigger secretlint ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAzvD7WmJYkFQnJvHNEQy0Vyy3cB8Gq8o0iHjG0wW8mQhO2xwY -5qV0jY0d6eW6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m6m -z8QnKpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQpQp -f7y9xG9l4qM7cKj6jVwV2c0Q7m9y5P1eYq8xk0k2Qm4p7Kq3o5f0d3a9b6c2d1e0 -8wIDAQABAoIBAB1q9H7xYbGx+QH8w2wYx2v3lKqf7Y7s0o7GfK7t8x8m8y8z8A== ------END RSA PRIVATE KEY-----