[annoyance]: yarn 4.1.1 bundles an api key for npm-search and other super-linter gitleaks warnings (yarnPath related) #6201

Closed
1 task
sparecycles opened this issue Apr 3, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@sparecycles

Self-service

  • I'd be willing to implement a fix

Describe the bug

The github/super-linter complains with the following, as I found for a project based on an old template as I modernized it.

Solution was to have corepack enabled, and remove yarnPath from the yarnrc, along with the problematic .yarn/releases/ file that super-linter complains about.

See also https://yarnpkg.com/configuration/yarnrc

------
Finding:     ...{appId:"OFCNCOG2CU",apiKey:"6fe4476ee5a1832882e326b506d14126",indexName:"npm-sear...
Secret:      6fe4476ee5a1832882e326b506d14126
RuleID:      generic-api-key
Entropy:     3.566428
File:        /github/workspace/.yarn/releases/yarn-4.1.1.cjs
Line:        567
Fingerprint: /github/workspace/.yarn/releases/yarn-4.1.1.cjs:generic-api-key:567

Finding:     ...EANgIEIAJBFDYCAAsgBBAIDAELIAQQCCAAIQMLIAZBEGokACADIgBBAEgNAS...
Secret:      AIDAELIAQQCCAAIQMLIA
RuleID:      aws-access-token
Entropy:     2.708695
File:        /github/workspace/.yarn/releases/yarn-4.1.1.cjs
Line:        149
Fingerprint: /github/workspace/.yarn/releases/yarn-4.1.1.cjs:aws-access-token:149

Finding:     ...CgCTCEQIAAoAjghESAAKAKIAUEFSCETA0ACQCAKIAFB//8DcU0NAANAAkACQ...
Secret:      AKIAUEFSCETA0ACQCAKI
RuleID:      aws-access-token
Entropy:     3.203702
File:        /github/workspace/.yarn/releases/yarn-4.1.1.cjs
Line:        149
Fingerprint: /github/workspace/.yarn/releases/yarn-4.1.1.cjs:aws-access-token:149

Finding:     ...ABQQE2AgALIAdFDQQgAxAIDAQLIAMQHSEVIAMQHSEWIAMtAABFBEAgAQRAIA...
Secret:      AIDAQLIAMQHSEVIAMQHS
RuleID:      aws-access-token
Entropy:     3.146439
File:        /github/workspace/.yarn/releases/yarn-4.1.1.cjs
Line:        149
Fingerprint: /github/workspace/.yarn/releases/yarn-4.1.1.cjs:aws-access-token:149

To reproduce

Not including repro steps. Feel free to close this.

Environment

GitHub Actions

Additional context

It took me a few hours to solve this and there were no existing threads on it. Now at least there will be a closed issue with a suggested fix for the next person that stumbles across this kind of problem.

@sparecycles sparecycles added the bug Something isn't working label Apr 3, 2024
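
The fix described in the report above (drop `yarnPath` from the yarnrc and delete the bundled `.yarn/releases/` file, relying on Corepack instead), written out as a shell function. This is an added example, not part of the issue thread or of Yarn's own code; the name `unvendor_yarn` is hypothetical, and it assumes a single top-level `yarnPath:` line in `.yarnrc.yml`.

```shell
# Added example: un-vendor Yarn so the bundled release is no longer scanned.
# Assumes .yarnrc.yml holds one top-level line such as
#   yarnPath: .yarn/releases/yarn-4.1.1.cjs
# unvendor_yarn is a hypothetical helper name, not a Yarn or Corepack command.

# unvendor_yarn REPO_DIR
# Removes the yarnPath setting and the release file it points to, then prints
# the Yarn version that was vendored. Returns 1 if there is nothing to do.
unvendor_yarn() {
  uy_repo=$1
  uy_rc="$uy_repo/.yarnrc.yml"
  [ -f "$uy_rc" ] || { echo "no .yarnrc.yml in $uy_repo" >&2; return 1; }

  # Value of yarnPath, with optional quotes and trailing blanks stripped.
  uy_rel=$(sed -n 's/^yarnPath:[[:space:]]*//p' "$uy_rc" \
    | tr -d "\"'" | sed 's/[[:space:]]*$//' | head -n 1)
  [ -n "$uy_rel" ] || { echo "yarnPath not set, nothing to do" >&2; return 1; }

  # Only delete files inside the repository.
  case "$uy_rel" in
    /*|*..*) echo "refusing to remove $uy_rel" >&2; return 1 ;;
  esac

  # yarn-4.1.1.cjs -> 4.1.1
  uy_ver=$(basename "$uy_rel" | sed -n 's/^yarn-\(.*\)\.cjs$/\1/p')
  [ -n "$uy_ver" ] || { echo "cannot read version from $uy_rel" >&2; return 1; }

  # Drop the setting, keep every other line of the config untouched.
  sed '/^yarnPath:/d' "$uy_rc" > "$uy_rc.tmp" && mv "$uy_rc.tmp" "$uy_rc"
  rm -f "$uy_repo/$uy_rel"

  printf '%s\n' "$uy_ver"
}

# Typical use from the repository root (needs Node.js with Corepack):
#   ver=$(unvendor_yarn .) && corepack enable
#   then make sure package.json pins the same release, e.g.
#   "packageManager": "yarn@<ver>"
```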
@arcanis
Member

arcanis commented Apr 3, 2024

This isn't a bug, nor something we can address except by obfuscating the code, which comes with other issues.

@arcanis arcanis closed this as not planned Won't fix, can't repro, duplicate, stale Apr 3, 2024
@sparecycles
Author

Yep. Only wanted to share so that the next poor soul that comes across this isn't as alone as I was.
