From b1a71e60219cfa161edb77e4c4c6808216635415 Mon Sep 17 00:00:00 2001
From: bakerboy448 <55419169+bakerboy448@users.noreply.github.com>
Date: Fri, 6 Mar 2026 20:13:27 -0600
Subject: [PATCH 1/2] chore: add pre-commit hooks and secrets baseline
---
.pre-commit-config.yaml | 27 ++++++++
.secrets.baseline | 144 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 171 insertions(+)
create mode 100644 .pre-commit-config.yaml
create mode 100644 .secrets.baseline
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..c239a28
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,27 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v5.0.0
+ hooks:
+ - id: trailing-whitespace
+ name: trim trailing whitespace
+ - id: end-of-file-fixer
+ name: fix end of files
+ - id: check-json
+ name: check json
+ - id: check-added-large-files
+ name: check for added large files
+ - id: check-merge-conflict
+ name: check for merge conflicts
+ - id: detect-private-key
+ name: detect private key
+ - id: mixed-line-ending
+ name: mixed line ending
+ args: ['--fix=lf']
+
+ - repo: https://github.com/Yelp/detect-secrets
+ rev: v1.5.0
+ hooks:
+ - id: detect-secrets
+ name: detect secrets
+ args: ['--baseline', '.secrets.baseline']
+ exclude: 'package-lock\.json$'
diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 0000000..b31750b
--- /dev/null
+++ b/.secrets.baseline
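Review bot: Both hook repositories in `.pre-commit-config.yaml` are pinned by tag (`rev: v5.0.0` for pre-commit-hooks, `rev: v1.5.0` for detect-secrets), and a tag can be re-pointed upstream. pre-commit clones and executes that code on every contributor's machine, so the pin is part of the repository's supply chain. Pinning to the full commit SHA with the tag kept as a trailing comment, e.g. `rev: <full-commit-sha>  # frozen: v1.5.0` (the form `pre-commit autoupdate --freeze` writes), makes the executed revision immutable. The hooks also run only client-side and are skipped by `git commit --no-verify`; no CI job is visible in this patch, so if the secret scan is meant as a control it presumably needs to run server-side as well.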
@@ -0,0 +1,144 @@ +{ + "version": "1.5.0", + "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, + { + "name": "AWSKeyDetector" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "name": "Base64HighEntropyString", + "limit": 4.5 + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "CloudantDetector" + }, + { + "name": "DiscordBotTokenDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "name": "GitLabTokenDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3.0 + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "IPPublicDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "name": "KeywordDetector", + "keyword_exclude": "" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "OpenAIDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "PypiTokenDetector" + }, + { + "name": "SendGridDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TelegramBotTokenDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": "detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + 
"path": "detect_secrets.filters.heuristic.is_templated_secret" + }, + { + "path": "detect_secrets.filters.regex.should_exclude_file", + "pattern": [ + "package-lock\\.json$", + "node_modules/" + ] + } + ], + "results": { + "tests/noise.test.ts": [ + { + "type": "Secret Keyword", + "filename": "tests/noise.test.ts", + "hashed_secret": "f2b14f68eb995facb3a1c35287b778d5bd785511", + "is_verified": false, + "line_number": 210 + } + ] + }, + "generated_at": "2026-03-07T02:10:26Z" +} From 9bde6bf583bbf74ea3748798815e23c15296c169 Mon Sep 17 00:00:00 2001 From: bakerboy448 <55419169+bakerboy448@users.noreply.github.com> Date: Fri, 6 Mar 2026 20:37:33 -0600 Subject: [PATCH 2/2] fix: address CodeRabbit review - allowlist test secret, bump hooks v6 --- .pre-commit-config.yaml | 2 +- .secrets.baseline | 14 ++------------ tests/noise.test.ts | 2 +- 3 files changed, 4 insertions(+), 14 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c239a28..842d33a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: trailing-whitespace name: trim trailing whitespace diff --git a/.secrets.baseline b/.secrets.baseline index b31750b..4660e7f 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -129,16 +129,6 @@ ] } ], - "results": { - "tests/noise.test.ts": [ - { - "type": "Secret Keyword", - "filename": "tests/noise.test.ts", - "hashed_secret": "f2b14f68eb995facb3a1c35287b778d5bd785511", - "is_verified": false, - "line_number": 210 - } - ] - }, - "generated_at": "2026-03-07T02:10:26Z" + "results": {}, + "generated_at": "2026-03-07T02:37:05Z" } diff --git a/tests/noise.test.ts b/tests/noise.test.ts index 964916a..be81151 100644 --- a/tests/noise.test.ts +++ b/tests/noise.test.ts 
@@ -207,7 +207,7 @@ describe('stripNoise', () => {
 XDG_DATA_HOME: '/config/.local/share',
 PUID: '1000',
 TZ: 'America/New_York',
- API_KEY: 'secret123',
+ API_KEY: 'secret123', // pragma: allowlist secret
 },
 },
 },
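Review bot: The trailing `// pragma: allowlist secret` on the `API_KEY` line exempts that line from every detect-secrets plugin whatever value it holds later, whereas the baseline entry removed elsewhere in this patch matched only the hash of the current string. That is a reasonable trade for a fixture, but nothing on the line records that the value is a dummy. A comment above it such as `// Dummy fixture value, not a real credential.` would make the intent explicit and discourage copying the pragma onto real configuration. The enclosing `describe('stripNoise', ...)` block starts and ends outside this hunk, so what the test asserts about `API_KEY` is not visible here.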