@godaddy/tartufo-node

v0.3.3

Published

Ensures Tartufo is available for npm-based projects

Downloads

148

Readme

Tartufo, Managed By npm!

Tartufo is an open-source project that provides tooling to look for and find secrets that may or may not have been accidentally committed to code. It provides a wonderful pre-commit mode that is perfect for keeping repositories clean of committed secrets.

This package exists to help make sure Tartufo is available to local developers working in pure-JavaScript projects. When installed into your project, it provides a local tartufo you can use in your package.json scripts.

This package prefers to use a globally-installed tartufo if present, otherwise it will install a local copy.

Prerequisites

This package requires that Python 3.6+ be installed and available. It expects to find Python at the command python3, or at python if the former is not available.

This package does not currently support Windows!

Installing Python on a Mac

We recommend using Homebrew to install Python via brew install python.

Installing Python on Linux

Please follow your distro's recommendations for installing Python.

Installing Python on Windows

Windows is not yet supported with this package. This documentation will be updated when it is supported.

Installing

Run npm install --save-dev @godaddy/tartufo-node to install in your local project.

Example usage

You can use tartufo like any other npm-provided bin. For example, to run tartufo as a pre-commit hook, you could combine it with Husky.

Add the following to your package.json:

{
  "scripts": {
    "tartufo:pre-commit": "tartufo pre-commit"
  }
}

Then tell Husky to run the command on pre-commit:

npx husky add .husky/pre-commit "npm run tartufo:pre-commit"
git add .husky/pre-commit

Alternatively, you could work with tartufo directly via npx. For example, run npx tartufo --help in your project to see the command line tools available to you.

Troubleshooting

This package provides a tartufo-helper tool to help diagnose issues locally. Run npx tartufo-helper doctor to see debugging output. If necessary, it may recommend that you run npx tartufo-helper reset to reset your local installation.

How it works

This package takes advantage of preinstall and postinstall npm lifecycle hooks. When installing into your package, two things will happen:

First, the preinstall script will validate your local environment and fail if it cannot find Python 3.6+.

Second, the postinstall script will check whether you have tartufo available globally. If so, the postinstall script will exit, as there is nothing to do!

However, if no tartufo is available globally, it will create a venv locally (in the node_modules folder) and use pip to install tartufo.
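
The install-time decisions described above, sketched as an added example (this is not the package's own code). The function names, the probe callback, and the venv path are assumptions; the sample hosts are constructed so the sketch runs without touching the real machine.

```javascript
// Added example, not the package's code. All names here are hypothetical.
const MIN_PYTHON = [3, 6]; // the README's stated minimum

// Parse the output of `<python> --version`, e.g. "Python 3.11.4" -> [3, 11].
function parsePythonVersion(output) {
  const m = /^Python (\d+)\.(\d+)/.exec(String(output || '').trim());
  return m ? [Number(m[1]), Number(m[2])] : null;
}

function meetsMinimum(version) {
  if (!version) return false;
  const [major, minor] = version;
  return major > MIN_PYTHON[0] || (major === MIN_PYTHON[0] && minor >= MIN_PYTHON[1]);
}

// preinstall: try python3 first, then python. `probe(cmd)` returns the
// command's output, or null when the command is missing or fails.
function findPython(probe) {
  for (const cmd of ['python3', 'python']) {
    if (meetsMinimum(parsePythonVersion(probe(`${cmd} --version`)))) return cmd;
  }
  return null;
}

// postinstall: a global tartufo wins; otherwise plan a venv plus pip install.
function planInstall(probe) {
  const python = findPython(probe);
  if (!python) return { ok: false, action: 'fail-preinstall', steps: [] };
  if (probe('command -v tartufo') !== null) {
    return { ok: true, action: 'use-global', steps: [] };
  }
  const venv = 'node_modules/.tartufo-venv'; // assumed path, not from the page
  return {
    ok: true,
    action: 'install-local',
    steps: [`${python} -m venv ${venv}`, `${venv}/bin/pip install tartufo`],
  };
}

// Constructed sample hosts: command -> output (absent means not found).
const fakeHost = (table) => (cmd) => (cmd in table ? table[cmd] : null);
const legacyHost = fakeHost({ 'python --version': 'Python 2.7.18' });
const readyHost = fakeHost({
  'python3 --version': 'Python 3.11.4',
  'command -v tartufo': '/usr/local/bin/tartufo',
});
const bareHost = fakeHost({ 'python --version': 'Python 3.9.7' });

for (const [name, host] of Object.entries({ legacyHost, readyHost, bareHost })) {
  console.log(name, planInstall(host));
}
```

Because this logic lives in lifecycle hooks, an install run with scripts disabled (npm's --ignore-scripts option) performs neither the Python check nor the local install.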