PackageSpy is a command-line tool that simplifies scanning packages published on popular package managers (npm and PyPI) for secrets, using Gitleaks. It gives security researchers, developers and system administrators a convenient interface for finding and managing sensitive information leaked in published packages.
Before you start using PackageSpy, make sure you have Go (Golang) installed on your system. You can download and install Go from the official website (Go Downloads).
Once you have Go installed, you can install PackageSpy using the following command:
go install github.com/aydinnyunus/PackageSpy@latest
PackageSpy supports four search options, combining a search term (keyword or username) with a package manager (npm or PyPI):
- Search for packages by keyword on npm:
  go run . scan --search keyword --npm
- Search for packages by keyword on PyPI:
  go run . scan --search keyword --pypi
- Search for packages published by a user on npm:
  go run . scan --username username --npm
- Search for packages published by a user on PyPI:
  go run . scan --username username --pypi
Replace keyword with your desired search term and username with the username you want to search for.
Here's an example of using PackageSpy to search for Python packages related to data science on PyPI:
go run . scan --search datascience --pypi
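The step between "search" and "scan" in the workflow above, shown for npm as an added example (this is not PackageSpy's own code): build the registry search URL for a keyword or a maintainer's username, parse the search response, and derive the tarball URL of each hit so the unpacked archive can be handed to Gitleaks. It assumes the public npm registry's search endpoint and tarball naming convention; the response below is a constructed sample, not fetched data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// Only the fields of an npm registry search response (GET /-/v1/search) used here; encoding/json matches the lower-case keys case-insensitively.
type searchResult struct {
	Objects []struct{ Package struct{ Name, Version string } }
}

// npmSearchURL builds the registry search URL for a keyword, or for a
// maintainer's username via the "maintainer:" qualifier when byUser is set.
func npmSearchURL(term string, byUser bool) string {
	if byUser {
		term = "maintainer:" + term
	}
	return "https://registry.npmjs.org/-/v1/search?text=" + url.QueryEscape(term)
}

// tarballURL follows the registry convention: scoped packages (@scope/name)
// keep the scope in the path but not in the archive file name.
func tarballURL(name, version string) string {
	base := name[strings.LastIndex(name, "/")+1:]
	return fmt.Sprintf("https://registry.npmjs.org/%s/-/%s-%s.tgz", name, base, version)
}

// tarballsFromSearch maps a search response to the archives a secret scanner such as Gitleaks is run over after unpacking.
func tarballsFromSearch(body []byte) ([]string, error) {
	var r searchResult
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, err
	}
	var urls []string
	for _, o := range r.Objects {
		urls = append(urls, tarballURL(o.Package.Name, o.Package.Version))
	}
	return urls, nil
}

// Constructed sample response (not fetched from the registry) so this runs offline.
const sampleSearch = `{"objects":[{"package":{"name":"left-pad","version":"1.3.0"}},{"package":{"name":"@acme/tools","version":"2.0.1"}}],"total":2}`

func main() {
	urls, err := tarballsFromSearch([]byte(sampleSearch))
	fmt.Println(npmSearchURL("datascience", false), urls, err)
}
```

For PyPI the equivalent lookup goes through the project JSON API (https://pypi.org/pypi/<name>/json), which lists the sdist and wheel URLs directly.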
- Cross-platform compatibility: PackageSpy is written in Go, making it compatible with Windows, macOS, and Linux.
- Seamless integration: Easily incorporate PackageSpy into your development workflow by using the provided CLI commands.
- Efficient searches: Quickly find packages related to your specific needs using either keywords or usernames on npm and PyPI.
PackageSpy is an open-source project, and we welcome contributions from the community. If you have ideas for improvements or would like to report issues, please visit our GitHub repository: PackageSpy