Detect generic NPM auth #3712

Draft
wants to merge 2 commits into
base: main
rgmz
Contributor

rgmz commented Dec 2, 2024

Description:

This detects generic (non-standard) tokens for third-party registries (e.g., GitHub, Artifactory). The implementation is split from #2264.

It depends on #3705.

Future work

  • npm registry-auth-token test values
  • Whatever this is
    2024-12-02T14:56:22-05:00	info-0	trufflehog.npm	Testing potential registry	{"detector_worker_id": "sHn25", "detector": {"type":"NpmToken","version":3}, "timeout": 60, "link": "https://github.com/Samsung/lwnode/blob/edc407f9f8092e9661ba753aa6e3a5de2a5f268b/deps/npm/CHANGELOG.md#L1", "registry": "github.com/claudiahdz", "token": "documentation"}
    2024-12-02T14:56:23-05:00	info-0	trufflehog.npm	Testing potential registry	{"detector_worker_id": "sHn25", "detector": {"type":"NpmToken","version":3}, "timeout": 60, "link": "https://github.com/Samsung/lwnode/blob/edc407f9f8092e9661ba753aa6e3a5de2a5f268b/deps/npm/CHANGELOG.md#L1", "registry": "github.com/isaacs", "token": "documentation"}
    2024-12-02T14:56:24-05:00	info-0	trufflehog.npm	Testing potential registry	{"detector_worker_id": "sHn25", "detector": {"type":"NpmToken","version":3}, "timeout": 60, "link": "https://github.com/Samsung/lwnode/blob/edc407f9f8092e9661ba753aa6e3a5de2a5f268b/deps/npm/CHANGELOG.md#L1", "registry": "github.com/dmitrydvorkin", "token": "documentation"}
    2024-12-02T14:56:24-05:00	info-0	trufflehog.npm	Testing potential registry	{"detector_worker_id": "sHn25", "detector": {"type":"NpmToken","version":3}, "timeout": 60, "link": "https://github.com/Samsung/lwnode/blob/edc407f9f8092e9661ba753aa6e3a5de2a5f268b/deps/npm/CHANGELOG.md#L1", "registry": "www.youtube.com/watch", "token": "documentation"}
    
  • Other placeholders
    2024-12-04T12:35:28Z    info-0  trufflehog.npm  Testing potential registry      {"detector_worker_id": "EaTeU", "detector": {"type":"NpmToken","version":3}, "timeout": 60, "link": "https://github.com/ibm-developer-skills-network/cazgi-IBM-Watson-NLU-Project/blob/03caf5b0a904516dcf9c9e53d176b1ad505ef3e1/node_modules/npm/docs/content/configuring-npm/npmrc.md#L1", "registry": "somewhere-else.com/myorg", "token": "MYTOKEN1"}
    2024-12-04T12:35:29Z    info-0  trufflehog.npm  Testing potential registry      {"detector_worker_id": "FHk5T", "detector": {"type":"NpmToken","version":3}, "timeout": 60, "link": "https://github.com/ibm-developer-skills-network/cazgi-IBM-Watson-NLU-Project/blob/03caf5b0a904516dcf9c9e53d176b1ad505ef3e1/node_modules/npm/man/man5/npmrc.5#L1", "registry": "somewhere-else.com/another", "token": "MYTOKEN2"}
    2024-12-04T02:55:38Z    info-0  trufflehog.npm  Testing potential registry      {"detector_worker_id": "ZvhLg", "detector": {"type":"NpmToken","version":3}, "timeout": 60, "link": "https://github.com/IBM/nodejs-idb-connector/blob/4216b27e9f7f325d248d09e9b75334ef98f999a3/.github/Jenkinsfile#L1", "registry": "registry.npmjs.org", "token": "credentials('idb-connector-npm-token"}
    
  • Environment variables / interpolation
    2024-12-02T21:47:40-05:00	info-0	trufflehog.npm	Testing potential registry	{"detector_worker_id": "JnwWf", "detector": {"type":"NpmToken","version":3}, "timeout": 60, "link": "https://github.com/Shopify/react-native-skia/blob/a0b329fef10617fb95cb9b8b748379049621e740/.yarn/cache/@expo-vector-icons-npm-13.0.0-744b56496b-a1df3b08e5.zip", "registry": "npm.fontawesome.com", "token": "${npm_token}"}
    

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

rgmz force-pushed the feat/npm-generic-detector branch 3 times, most recently from c63eb2e to 71d86aa, December 2, 2024 15:41
rgmz force-pushed the feat/npm-generic-detector branch from 71d86aa to bd22b5d, December 15, 2024 15:27
rgmz force-pushed the feat/npm-generic-detector branch from bd22b5d to f4039b0, December 31, 2024 15:20
rgmz force-pushed the feat/npm-generic-detector branch from f4039b0 to 953f0db, January 11, 2025 20:16
rgmz force-pushed the feat/npm-generic-detector branch from 953f0db to 19af8d2, January 20, 2025 15:22
rgmz force-pushed the feat/npm-generic-detector branch 3 times, most recently from 7e3e259 to 9b68e0a, February 2, 2025 23:04
rgmz force-pushed the feat/npm-generic-detector branch from 9b68e0a to 8d810d2, February 13, 2025 02:00
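
A pre-verification filter for the false-positive classes listed under "Future work" in the description above, as an added example that is not code from this PR or from TruffleHog. The function name, reason labels and regular expressions are assumptions, and the single-word rule is a heuristic; the token values are the ones in the quoted log output plus one constructed base64-looking value.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Reasons for skipping a candidate before any verification request is sent
// to the registry host (hypothetical labels, not TruffleHog's).
const (
	Verify        = ""              // plausible credential, worth verifying
	Interpolation = "interpolation" // ${npm_token}
	Expression    = "expression"    // credentials('idb-connector-npm-token
	Placeholder   = "placeholder"   // MYTOKEN1, documentation
)

var (
	interpolation = regexp.MustCompile(`^\$|\$\{|\{\{|^%\w+%$|^<.*>$`)
	// Assumption: real tokens are base64, base64url, hex, UUID or JWT shaped.
	tokenChars  = regexp.MustCompile(`^[A-Za-z0-9+/=_.\-]+$`)
	placeholder = regexp.MustCompile(`(?i)^(my|your|example|dummy|fake|test)?[-_]?(npm[-_]?)?(auth[-_]?)?token[-_]?\d*$`)
	// Heuristic: a single-case, letters-only value is a word, not a secret.
	singleWord = regexp.MustCompile(`^([a-z]+|[A-Z]+)$`)
)

// ClassifyToken returns why a candidate should be skipped, or Verify.
func ClassifyToken(tok string) string {
	tok = strings.TrimSpace(tok)
	switch {
	case interpolation.MatchString(tok):
		return Interpolation
	case !tokenChars.MatchString(tok):
		return Expression
	case placeholder.MatchString(tok), singleWord.MatchString(tok):
		return Placeholder
	}
	return Verify
}

func main() {
	// The last value is constructed (base64 of "foobar1234567890"); the rest
	// are the "token" fields from the log lines in the PR description.
	for _, t := range []string{"documentation", "MYTOKEN1", "MYTOKEN2",
		"credentials('idb-connector-npm-token", "${npm_token}", "Zm9vYmFyMTIzNDU2Nzg5MA=="} {
		fmt.Printf("%-40q %q\n", t, ClassifyToken(t))
	}
}
```

Running the filter before the "Testing potential registry" step would keep placeholder values from being sent to whatever host was parsed as the registry.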