diff --git a/detect_secrets/plugins/npm.py b/detect_secrets/plugins/npm.py
index 0ec3b1434..7cab35916 100644
--- a/detect_secrets/plugins/npm.py
+++ b/detect_secrets/plugins/npm.py
@@ -13,5 +13,8 @@ class NpmDetector(RegexBasedDetector):
 denylist = [
 # npmrc authToken
 # ref. https://stackoverflow.com/questions/53099434/using-auth-tokens-in-npmrc
- re.compile(r'\/\/.+\/:_authToken=\s*((npm_.+)|([A-Fa-f0-9-]{36})).*'),
+ re.compile(
+ r'(?:npm_[A-Za-z0-9-]{36})|' +
+ r'(?:(?:_authToken|NPM[ _-]?TOKEN)[\s\S]{0,5}?(?:NpmToken\.)?([a-z0-9-]{36}).*)',
+ ),
 ]
diff --git a/tests/plugins/npm_test.py b/tests/plugins/npm_test.py
index d7d85492a..5c6f58932 100644
--- a/tests/plugins/npm_test.py
+++ b/tests/plugins/npm_test.py
@@ -11,11 +11,12 @@ class TestNpmDetector:
 ('//registry.npmjs.org/:_authToken=743b294a-cd03-11ec-9d64-0242ac120002', True),
 ('//registry.npmjs.org/:_authToken=346a14f2-a672-4668-a892-956a462ab56e', True),
 ('//registry.npmjs.org/:_authToken= 743b294a-cd03-11ec-9d64-0242ac120002', True),
- ('//registry.npmjs.org/:_authToken=npm_xxxxxxxxxxx', True),
- ('//registry.npmjs.org:_authToken=743b294a-cd03-11ec-9d64-0242ac120002', False),
- ('registry.npmjs.org/:_authToken=743b294a-cd03-11ec-9d64-0242ac120002', False),
- ('///:_authToken=743b294a-cd03-11ec-9d64-0242ac120002', False),
- ('_authToken=743b294a-cd03-11ec-9d64-0242ac120002', False),
+ ('//registry.npmjs.org/:_authToken=npm_xxxxxxxxxxx', False),
+ ('//registry.npmjs.org:_authToken=743b294a-cd03-11ec-9d64-0242ac120002', True),
+ ('registry.npmjs.org/:_authToken=743b294a-cd03-11ec-9d64-0242ac120002', True),
+ ('///:_authToken=743b294a-cd03-11ec-9d64-0242ac120002', True),
+ ('_authToken=743b294a-cd03-11ec-9d64-0242ac120002', True),
+ ('"_authToken" = "743b294a-cd03-11ec-9d64-0242ac120002"', True),
 ('foo', False),
 ('//registry.npmjs.org/:_authToken=${NPM_TOKEN}', False),
 ],
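Review bot: The capturing group in the second alternative, `([a-z0-9-]{36})`, accepts only lowercase letters, whereas the removed pattern accepted `[A-Fa-f0-9-]{36}`, so an `_authToken=` value written with uppercase hex digits is no longer detected, and `re.compile` is called here without flags, so that narrowing is real. `([A-Za-z0-9-]{36})` keeps the author's wider alphabet while restoring uppercase (alternatively `re.IGNORECASE`, which would also relax the `NPM[ _-]?TOKEN` keyword), and a test row with an uppercase UUID would pin it. Separately, only the second alternative has a capturing group: if the base class extracts the secret from `findall`, an `npm_…` match surfaces as an empty group rather than the token, and writing the first branch as `r'(npm_[A-Za-z0-9-]{36})|'` would make both branches report the matched value — worth confirming against RegexBasedDetector. The trailing `.*` in the second branch consumes the rest of the line without affecting what is captured and could be dropped. The NpmDetector class header is outside the hunk.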
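Review bot: The new table exercises only the `_authToken` keyword with lowercase UUIDs, so the other branches the detector now contains — the `NPM[ _-]?TOKEN` keyword, the optional `NpmToken.` prefix and a full-length `npm_` token — have no positive case; the only `npm_` row is the 11-character negative. Rows such as `('NPM_TOKEN=743b294a-cd03-11ec-9d64-0242ac120002', True)`, `('//registry.npmjs.org/:_authToken=NpmToken.743b294a-cd03-11ec-9d64-0242ac120002', True)` and `('npm_' + 'x' * 36, True)` (constructed values) would pin each branch, and an uppercase variant of the existing UUID would document whether case-insensitive matching is intended. The parametrize decorator and the test method enclosing this table start and end outside the hunk.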