# detect-secrets-wasm A WebAssembly-powered tool to scan codebases for secrets using Yelp's detect-secrets, with **no Python dependency required**. This package is a WebAssembly port of the [detect-secrets](https://github.com/Yelp/detect-secrets) tool, allowing you to scan your codebase for secrets without needing to install Python or any Python dependencies. ## Features - **No Python Required**: Uses WebAssembly to run the Python code directly in Node.js - **Easy Installation**: Simple npm installation with no external dependencies - **Fast Scanning**: Efficiently scans files and directories for secrets - **Customizable**: Configure exclusions, scan specific directories, and more - **False Positive Detection**: Identifies likely false positives to reduce noise - **Missed Secret Detection**: Optional detection of patterns that might be missed by the main scanner ## Installation ```bash npm install -g detect-secrets-wasm ``` ## Usage ### Command Line ```bash # Scan the current directory detect-secrets-wasm # Scan a specific directory detect-secrets-wasm --directory ./src # Exclude specific files or directories detect-secrets-wasm --exclude-files "*.test.js,*.spec.js" --exclude-dirs "node_modules,dist" # Check for potentially missed secrets detect-secrets-wasm --check-missed # Save results to a file detect-secrets-wasm --output results.json ``` ### API ```javascript const detectSecrets = require('detect-secrets-wasm'); async function scanMyProject() { // Initialize the WebAssembly module (required before scanning) await detectSecrets.initialize(); // Scan a directory const results = await detectSecrets.scanDirectory('./src', { excludeFiles: ['*.test.js', '*.spec.js'], excludeDirs: ['node_modules', 'dist'], checkMissed: true }); console.log(`Found ${results.secrets.length} secrets`); // Scan a specific file const fileResults = await detectSecrets.scanFile('./config.js'); // Scan a string const contentResults = await detectSecrets.scanContent( 'const apiKey = "1234567890abcdef";', 'example.js' ); } scanMyProject().catch(console.error); ``` ## Options | Option | CLI Flag | Description | |--------|----------|-------------| | `directory` | `-d, --directory ` | Directory to scan (default: current directory) | | `root` | `-r, --root` | Scan from project root | | `excludeFiles` | `-e, --exclude-files ` | File patterns to exclude (comma-separated) | | `excludeDirs` | `-x, --exclude-dirs ` | Directory patterns to exclude (comma-separated) | | `checkMissed` | `-m, --check-missed` | Check for potentially missed secrets | | `verbose` | `-v, --verbose` | Include additional information | | `output` | `-o, --output ` | Output file path | ## How It Works This package uses [Pyodide](https://pyodide.org/), a WebAssembly port of Python, to run the detect-secrets Python code directly in Node.js. The WebAssembly module is loaded at runtime, and the Python code is executed in a sandboxed environment. The first time you run the tool, it will download and install the necessary Python packages in the WebAssembly environment. This may take a few seconds, but subsequent runs will be faster. ## Comparison with detect-secrets-js Unlike [detect-secrets-js](https://github.com/yourusername/detect-secrets-js), which requires Python to be installed on your system, detect-secrets-wasm bundles everything needed to run the tool in a single package. This makes it easier to install and use, especially in environments where installing Python is not possible or desirable. ## License MIT