diff --git a/gulpfile.js b/gulpfile.js
index adf88d0f..eb242643 100644
--- a/gulpfile.js
+++ b/gulpfile.js
@@ -1,9 +1,19 @@
-const gulp = require('gulp');
 const concat = require('gulp-concat');
-const expose = require('gulp-expose');
+const contains = require('gulp-contains');
 const del = require('del');
-const rename = require("gulp-rename");
 const eslint = require('gulp-eslint');
+const expose = require('gulp-expose');
+const gulp = require('gulp');
+const rename = require("gulp-rename");
+
+// Regex that looks for a populated client ID in the code. This is used to
+// catch cases where the client ID is accidentally committed in a sample.
+const CLIENT_ID_REGEX = /CLIENT_ID\s*=\s*'[^.']/;
+
+// String which if it appears in the source code bypasses the client ID check.
+// This is to allow samples that use a publicly-available demo client ID to
+// not trigger the error.
+const CLIENT_ID_BYPASS = '@credentialsOK';
 gulp.task('clean', async function() {
 return del([
@@ -22,5 +32,14 @@ gulp.task('lint', () => {
 return gulp.src(['src/*.js', 'samples/*.gs', 'test/**/*.js', '!node_modules/**'])
 .pipe(eslint())
 .pipe(eslint.format())
- .pipe(eslint.failAfterError());
+ .pipe(eslint.failAfterError())
+ .pipe(contains({
+ search: CLIENT_ID_REGEX,
+ onFound: (string, file, cb) => {
+ if (file.contents.toString().includes(CLIENT_ID_BYPASS)) {
+ return false;
+ }
+ return cb(`Client ID found in file: "${file.relative}"`);
+ }
+ }));
 });
diff --git a/package-lock.json b/package-lock.json
index c46a8234..3d34b320 100644
--- a/package-lock.json
+++ b/package-lock.json
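Review bot: `CLIENT_ID_REGEX` in the first gulpfile.js hunk only matches a single-quoted `CLIENT_ID` assignment, so the same value written with double quotes passes the check, and a populated `CLIENT_SECRET` is never inspected even though the samples declare it right beside the client ID. Consider widening the pattern to something like `const CLIENT_ID_REGEX = /CLIENT_(?:ID|SECRET)\s*=\s*['"][^.'"]/;`, after confirming that the existing samples use the same placeholder style for the secret. The comment should also say why a value starting with `.` is let through (it looks like `'...'` placeholders are being exempted), because that intent is not readable from the character class alone.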
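Review bot: The bypass inside `onFound` is a whole-file substring test, so once `@credentialsOK` appears anywhere in a sample, including in an unrelated comment or a string, every `CLIENT_ID` assignment in that file is exempt and swapping the demo value for a real one no longer fails lint. Scoping the exemption to the flagged assignment, for example by accepting the marker only on the line directly above the match, would keep it narrow; the tag added in samples/IdentityServer4.gs already sits in that position. Separately, `cb` receives a bare string, and wrapping the message in `new Error(...)` would hand gulp a real error object with a stack. The `gulp.task('lint', ...)` callback opens on the hunk header line, outside the hunk.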
@@ -3153,6 +3153,41 @@ } } }, + "gulp-contains": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gulp-contains/-/gulp-contains-1.2.0.tgz", + "integrity": "sha512-aoYM2Y14aUGJuelFwu/mFOm3rjfuWT7BaBZRNdhDA+CjlAz77Ja7e2h3FHTNstS+6jiicjOT3PBuaxTxG19oFg==", + "dev": true, + "requires": { + "plugin-error": "1.0.1", + "through2": "^0.6.3", + "vinyl": "2.2.0" + }, + "dependencies": { + "readable-stream": { + "version": "1.0.34", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz", + "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=", + "dev": true, + "requires": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.1", + "isarray": "0.0.1", + "string_decoder": "~0.10.x" + } + }, + "through2": { + "version": "0.6.5", + "resolved": "https://registry.npmjs.org/through2/-/through2-0.6.5.tgz", + "integrity": "sha1-QaucZ7KdVyCQcUEOHXp6lozTrUg=", + "dev": true, + "requires": { + "readable-stream": ">=1.0.33-1 <1.1.0-0", + "xtend": ">=4.0.0 <4.1.0-0" + } + } + } + }, "gulp-eslint": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/gulp-eslint/-/gulp-eslint-4.0.2.tgz", diff --git a/package.json b/package.json index 5422380e..f8476229 100644 --- a/package.json +++ b/package.json @@ -24,6 +24,7 @@ "gulp": "^4.0.2", "gulp-clean": "^0.4.0", "gulp-concat": "^2.6.1", + "gulp-contains": "^1.2.0", "gulp-eslint": "^4.0.2", "gulp-expose": "0.0.7", "gulp-rename": "^1.4.0", diff --git a/samples/IdentityServer4.gs b/samples/IdentityServer4.gs index 46e8a8a0..26f9a45b 100644 --- a/samples/IdentityServer4.gs +++ b/samples/IdentityServer4.gs @@ -8,6 +8,7 @@ */ // Test credentials for the Demo API. +// @credentialsOK var CLIENT_ID = 'server.code'; var CLIENT_SECRET = 'secret';
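Review bot: The bare `// @credentialsOK` tag added in samples/IdentityServer4.gs does not say what reads it or what it switches off, so a later editor who replaces the demo values with real ones gets no hint that the lint check is disabled for this file. Suggest putting the explanation on the tag line itself, e.g. `// @credentialsOK - public demo credentials; this tag exempts the file from the client ID check in gulpfile.js.` The rest of the sample lies outside the hunk.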