Pluggable linting tool to prevent committing secret/credential files.
Latest commit 37e3dfb Feb 20, 2020

Secretlint

Secretlint is a pluggable linting tool that prevents committing secret/credential files.


  • Scan files and report any file that contains a secret
  • Prevent committing credential files
  • Pluggable architecture


Installation and Usage

Prerequisites: Secretlint is written in JavaScript. It requires Node.js 10+.

You can install Secretlint using npm:

npm install secretlint @secretlint/secretlint-rule-preset-recommend --save-dev

You should then set up a configuration file:

npx secretlint --init

After that, you can run Secretlint on any file or directory like this:

npx secretlint "**/*"

📝 Secretlint supports glob patterns. Wrap the glob pattern in double quotes.

It is also possible to install Secretlint globally using npm install --global. However, we do not recommend it, because some rules may break when installed globally.


Secretlint has a configuration file .secretlintrc.{json,yml,js}.

After running secretlint --init, you'll have a .secretlintrc.json file in your directory.

In it, you'll see some rules configured like this:

{
  "rules": [
    {
      "id": "@secretlint/secretlint-rule-preset-recommend"
    }
  ]
}

The id property is the name of secretlint rule package.

Secretlint does not have built-in rules. To add a rule, install its package and add the rule to the .secretlintrc file.

Each rule has the same configuration pattern:

  • options: Option definition for the rule. For more details, see each rule documentation
  • disabled: If disabled is true, disable the rule

For example, @secretlint/secretlint-rule-example has an allows option, but the rule is disabled.

{
  "rules": [
    {
      "id": "@secretlint/secretlint-rule-example",
      "options": {
        "allows": []
      },
      "disabled": true
    }
  ]
}
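
The rule entry format described above (id, options, disabled) can be checked mechanically in code review or CI, so that a rule switched off or loosened in .secretlintrc.json does not go unnoticed. This is an added example, not code from the Secretlint project; the function name auditSecretlintConfig, the finding labels and the sample config are hypothetical, and it assumes that allows entries suppress reports for matching text.

```javascript
// Added example (not Secretlint's own code): flag .secretlintrc.json settings
// that reduce scanning coverage. It reads only the fields this README
// describes: rules[].id, rules[].options and rules[].disabled.
function auditSecretlintConfig(jsonText) {
  const config = JSON.parse(jsonText); // throws on malformed JSON
  const findings = [];
  const rules = config && Array.isArray(config.rules) ? config.rules : [];
  if (rules.length === 0) {
    // Secretlint has no built-in rules, so an empty list scans for nothing.
    findings.push({ id: null, issue: "no-rules" });
  }
  rules.forEach((rule, index) => {
    if (!rule || typeof rule.id !== "string" || rule.id === "") {
      findings.push({ id: null, issue: "missing-id", index });
      return;
    }
    if (rule.disabled === true) {
      findings.push({ id: rule.id, issue: "disabled" });
    }
    const allows = rule.options && rule.options.allows;
    if (Array.isArray(allows) && allows.length > 0) {
      // Assumption: each allows entry suppresses reports, so list them for review.
      findings.push({ id: rule.id, issue: "allows", entries: allows.slice() });
    }
  });
  return findings;
}

// Constructed sample config; the allows entry is a placeholder value.
const SAMPLE_CONFIG_TEXT = JSON.stringify({
  rules: [
    { id: "@secretlint/secretlint-rule-preset-recommend" },
    {
      id: "@secretlint/secretlint-rule-example",
      options: { allows: ["constructed-allow-entry"] },
      disabled: true
    }
  ]
});

for (const finding of auditSecretlintConfig(SAMPLE_CONFIG_TEXT)) {
  console.log(JSON.stringify(finding));
}
```
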

Rule Packages

Secretlint rules are implemented as separate modules.

Secretlint also provides rule presets that package a set of rules.


Pre-commit Hook

You can use Secretlint with a pre-commit tool. This prevents committing secret data by linting with Secretlint before each commit.

Husky + lint-staged

Install Husky and lint-staged:

npm install husky lint-staged --save-dev

Edit package.json:

{
  // ...
  "husky": {
    "hooks": {
      "pre-commit": "lint-staged"
    }
  },
  "lint-staged": {
    "*": [
      "secretlint"
    ]
  }
}

This means that each staged file is checked by Secretlint before commit.


Opt-in instead of Opt-out

Secretlint adopts an opt-in approach.

In our experience, linting tools that report various errors by default are difficult to use. The opt-in approach helps to introduce Secretlint incrementally.

Documentation per Rule

We think of a rule as documentation.

Each rule should have reasonable documentation.

  • How?

Why Node.js?

  • Package Manager
    • A package manager is required to realize a flexible pluggable system
    • Node.js has npm and yarn as package managers
    • A package manager helps users install custom plugins/rules
  • Existing Reference Implementations
    • Node.js already has pluggable linting tools like ESLint, textlint, stylelint etc.
    • So Node.js users are familiar with pluggable linting tools
    • Previously, I created textlint with the same approach, so I am familiar with Node.js

If you are interested in Docker support, please see Docker support · Issue #7


See the Releases page.

Running tests

Install devDependencies and run npm test:

yarn test


Pull requests and stars are always welcome.

For bugs and feature requests, please create an issue.

See also, and



MIT © azu
