Avoid hard-coding secrets, such as credentials and sensitive data, directly into your application's source code. This practice poses a security risk as the information may be inadvertently leaked.
Apply with the Grit CLI
grit apply warning_for_hardcoded_github_token
Warning for hardcoded GitHub token
BEFORE
const b = "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"
const { Octokit } = require("@octokit/rest");
const octokit = new Octokit({
  auth: process.env.GITHUB_TOKEN,
});
const octokit = new Octokit({
  auth: "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",
});
const octokit = new Octokit({
  auth: b,
});
const octokit = new Octokit({
  auth: "ghp_Jreeeee",
});
AFTER
const b = "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 // risky token"
const { Octokit } = require("@octokit/rest");
const octokit = new Octokit({
  auth: process.env.GITHUB_TOKEN,
});
const octokit = new Octokit({
  auth: "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 // risky token",
});
const octokit = new Octokit({
  auth: b,
});
const octokit = new Octokit({
  auth: "ghp_Jreeeee",
});
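The BEFORE/AFTER pair above flags the two full-length `ghp_` string literals and leaves the environment lookup, the variable reference and the short `ghp_Jreeeee` string alone. The scanner below is an added example, not Grit's pattern source, that reproduces that behaviour for use in a pre-commit or CI check. It assumes the classic GitHub personal access token shape (`ghp_` followed by 36 alphanumeric characters); the function names and the sample input are constructed for illustration.

```javascript
// Assumption: classic GitHub PATs are "ghp_" followed by 36 alphanumerics.
const GITHUB_PAT = /^ghp_[A-Za-z0-9]{36}$/;
// A quoted string literal on one line ("...", '...' or `...`), escapes allowed.
const STRING_LITERAL = /(["'`])((?:\\.|(?!\1)[^\\\n])*)\1/g;

// Never echo a full secret into logs or CI output.
function redact(token) {
  return token.slice(0, 8) + "..." + token.slice(-4);
}

// Return one finding per string literal whose whole value is token-shaped.
function findHardcodedGithubTokens(source) {
  const findings = [];
  source.split("\n").forEach((text, index) => {
    for (const match of text.matchAll(STRING_LITERAL)) {
      const value = match[2];
      if (GITHUB_PAT.test(value)) {
        findings.push({
          line: index + 1,
          column: match.index + 1,
          token: redact(value),
        });
      }
    }
  });
  return findings;
}

// Constructed sample input: a placeholder token, not a real credential.
const FAKE_TOKEN = "ghp_" + "A1b2".repeat(9);
const SAMPLE = [
  `const b = "${FAKE_TOKEN}";`,
  `const fromEnv = new Octokit({ auth: process.env.GITHUB_TOKEN });`,
  `const inline = new Octokit({ auth: "${FAKE_TOKEN}" });`,
  `const viaVar = new Octokit({ auth: b });`,
  `const tooShort = new Octokit({ auth: "ghp_Jreeeee" });`,
].join("\n");

function scanSample() {
  return findHardcodedGithubTokens(SAMPLE);
}

console.log(scanSample());
```

A non-empty result should fail the check; any token found this way should be revoked as well as removed from the source, since it remains in version-control history.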