Warning for hardcoded github token

JavaScript pattern

Avoid hard-coding secrets, such as credentials and sensitive data, directly into your application's source code. This practice poses a security risk as the information may be inadvertently leaked.

Warning for hardcoded github token

BEFORE
const b = "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"

const { Octokit } = require("@octokit/rest");

const octokit = new Octokit({ 
  auth: proccess.env.GITHUB_TOKEN,
});

const octokit = new Octokit({
  auth: "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",
});

const octokit = new Octokit({
  auth: b,
});

const octokit = new Octokit({
  auth: "ghp_Jreeeee",
});
AFTER
const b = "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 // risky token"

const { Octokit } = require("@octokit/rest");

const octokit = new Octokit({ 
  auth: proccess.env.GITHUB_TOKEN,
});

const octokit = new Octokit({
  auth: "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 // risky token",
});

const octokit = new Octokit({
  auth: b,
});

const octokit = new Octokit({
  auth: "ghp_Jreeeee",
});