What's Changed

secretlint v11.2.3+ support npm Provenance.

• https://www.npmjs.com/package/secretlint

Testing

• refactor: Consolidate snapshot tests and move rule configs to test directories by @azu in #1188

CI

• chore(deps): update github/codeql-action action to v3.29.10 by @renovate[bot] in #1194
• chore(deps): update github/codeql-action action to v3.29.11 by @renovate[bot] in #1199
• CI: fix GitHub Workflows by @azu in #1200
• chore(deps): update actions/github-script action to v7.1.0 by @renovate[bot] in #1206
• feat: migrate from lerna-lite to pnpm with OIDC trusted publishing (#1207) by @azu in #1209
• feat: migrate from lerna-lite to pnpm native commands with OIDC support by @azu in #1211
• CI: add npm install -g npm by @azu in #1213
• CI: fix typo by @azu in #1214
• CI: fix typo by @azu in #1216

Dependency Updates

• chore(deps): update pnpm to v10.15.0 by @renovate[bot] in #1195
• fix(deps): update textlint to ^15.2.2 (patch) by @renovate[bot] in #1196
• chore(deps): update patch updates (patch) by @renovate[bot] in #1197
• chore(deps): update dependency rollup to ^4.47.1 by @renovate[bot] in #1198
• chore(deps): update patch updates (patch) by @renovate[bot] in #1201
• chore(deps): update dependency rollup to ^4.48.1 by @renovate[bot] in #1203
• chore(deps): update dependency rollup to ^4.49.0 by @renovate[bot] in #1204
• chore(deps): update lerna-lite monorepo to ^4.7.3 (patch) by @renovate[bot] in #1208

Other Changes

• chore(deps): update dependency bun to v1.2.21 by @renovate[bot] in #1202

Full Changelog: v11.2.0...v11.2.3

This is not released in npm.

What's Changed

Features

• feat: Add patterns array support to @secretlint/secretlint-rule-pattern by @azu in #1186

Bug Fixes

• Add support for Makefile variable pattern $(VARIABLE) in database-connection-string rule by @Copilot in #1191

Dependency Updates

• fix(deps): update dependency chalk to ^5.6.0 by @renovate[bot] in #1187
• chore(deps): update dependency rollup to ^4.46.3 by @renovate[bot] in #1189

New Contributors

• @Copilot made their first contribution in #1191

Full Changelog: v11.1.0...v11.2.0

What's Changed

Features

• feat: Add filePathGlobs option to @secretlint/secretlint-rule-pattern by @azu in #1184

You can use filePathGlobs to match against file paths using glob patterns:

{
  "rules": [
    {
      "id": "@secretlint/secretlint-rule-pattern",
      "options": {
        "patterns": [
          {
            "name": "env files",
            "filePathGlobs": ["**/.env", "**/.env.*"]
          },
          {
            "name": "AWS credentials in env files",
            "filePathGlobs": ["**/.env*"],
            "pattern": "/aws_access_key_id|aws_secret_access_key/i"
          },
          {
            "name": "private keys",
            "filePathGlobs": ["**/*.pem", "**/*.key"],
            "pattern": "/BEGIN (RSA |EC )?PRIVATE KEY/"
          }
        ]
      }
    }
  ]
}

• When only filePathGlobs is specified, the rule reports if the file path matches any of the glob patterns
• When only pattern is specified, the rule reports if the file content matches the regex pattern
• When both are specified, the rule reports only if both the file path matches the glob AND the content matches the pattern

Refactoring

• refactor(types): migrate from tsd to vitest for type testing by @azu in #1169

Testing

• fix(types): fix type tests by @azu in #1175

CI

• chore(deps): update actions/checkout action to v4.3.0 by @renovate[bot] in #1176
• chore(deps): update github/codeql-action action to v3.29.9 by @renovate[bot] in #1178

Dependency Updates

• chore(deps): update dependency @types/node to ^24.2.0 by @renovate[bot] in #1166
• chore(deps): update dependency tsd to ^0.33.0 by @renovate[bot] in #1167
• chore(deps): update dependency vitest to ^2.1.9 by @renovate[bot] in #1170
• chore(deps): update lerna-lite monorepo to ^4.7.0 (patch) by @renovate[bot] in #1171
• chore(deps): update patch updates (patch) by @renovate[bot] in #1174
• chore(deps): update dependency bun to v1.2.20 by @renovate[bot] in #1131
• chore(deps): update dependency tsx to ^4.20.4 by @renovate[bot] in #1177
• chore(deps): update lerna-lite monorepo to ^4.7.1 (patch) by @renovate[bot] in #1179
• chore(deps): update dependency @types/node to ^20.19.11 by @renovate[bot] in #1180
• chore(deps): update dependency @types/node to ^24.3.0 by @renovate[bot] in #1181
• chore(deps): update dependency turbo to ^2.5.6 by @renovate[bot] in #1182
• chore(deps): update lerna-lite monorepo to ^4.7.2 (patch) by @renovate[bot] in #1183

Full Changelog: v11.0.2...v11.1.0

What's Changed

Bug Fixes

• fix(binary): resolve --version issue in Bun compiled binaries by @azu in #1164

Documentation

• docs(contributing): add pre-release documentation checklist by @azu in #1162
• docs(readme): add missing rules from preset-recommend by @azu in #1163

Testing

• test: update valid test snapshots for database connection string rule by @azu in #1160

Dependency Updates

• chore(deps): update dependency lint-staged to ^16.1.4 by @renovate[bot] in #1159
• fix(deps): update dependency chalk to ^5.5.0 by @renovate[bot] in #1161

Full Changelog: v11.0.1...v11.0.2

New Recommended Rules

• Add @secretlint/secretlint-rule-anthropic to detect Claude API keys (pattern: sk-ant-api0\d-[A-Za-z0-9_-]{90,128}AA)
• Add @secretlint/secretlint-rule-database-connection-string to detect database credentials like mongodb://user:s3cr3tP4ss@cluster.mongodb.net/myd

What's Changed

Breaking Changes

• feat: add Anthropic and Database Connection String rules to recommended preset by @azu in #1154

Bug Fixes

• fix: use workspace:* references for internal dependencies in examples by @azu in #1157

Documentation

• docs: fix typos in README.md by @azu in #1143

Refactoring

• chore: migrate from Mocha to Vitest by @azu in #1152

Maintenance

• chore: update Node.js to v22 and maintain dependencies by @azu in #1144
• chore: migrate from Yarn Berry to pnpm by @azu in #1146

CI

• chore(deps): update github/codeql-action action to v3.29.4 by @renovate[bot] in #1135
• chore(deps): update github/codeql-action action to v3.29.5 by @renovate[bot] in #1141
• chore(deps): update github/codeql-action action to v3.29.7 by @renovate[bot] in #1142
• chore(deps): update actions/checkout digest to 8edcb1b by @renovate[bot] in #1150
• fix: correct YAML indentation in CodeQL workflow by @azu in #1153
• fix: add Node.js setup and dependencies installation to release workflow by @azu in #1155

Dependency Updates

• chore(deps): update lerna-lite monorepo to ^4.6.2 (patch) by @renovate[bot] in #1136
• fix(deps): update textlint to ^15.2.1 (patch) by @renovate[bot] in #1138
• chore(deps): update patch updates (patch) by @renovate[bot] in #1137
• chore(deps): update dependency rollup to ^4.46.1 by @renovate[bot] in #1139
• chore(deps): update dependency rollup to ^4.46.2 by @renovate[bot] in #1140
• chore(deps): update dependency tsx to ^4.7.3 by @renovate[bot] in #1147
• chore(deps): update dependency tsx to ^4.20.3 by @renovate[bot] in #1148
• chore(deps): update dependency tsx to ^4.20.3 by @renovate[bot] in #1149
• chore(deps): update dependency @rollup/plugin-node-resolve to ^15.3.1 by @renovate[bot] in #1151

Full Changelog: v10.2.2...v11.0.1

See v11.0.1

What's Changed

Bug Fixes

• sendgrid tokens are 69 characters long by @benibenj in #1133

Maintenance

• fix(turbo): fix turbo.json configuration to match actual file structure by @azu in #1123

Dependency Updates

• chore(deps): update patch updates (patch) by @renovate[bot] in #1124
• chore(deps): update lerna-lite monorepo to ^4.6.1 (patch) by @renovate[bot] in #1125
• chore(deps): update dependency @types/node-forge to ^1.3.13 by @renovate[bot] in #1126
• chore(deps): update dependency rollup to ^4.45.0 by @renovate[bot] in #1127
• chore(deps): update patch updates (patch) by @renovate[bot] in #1128
• chore(deps): update dependency turbo to ^2.5.5 by @renovate[bot] in #1129
• chore(deps): update patch updates (patch) by @renovate[bot] in #1130

Full Changelog: v10.2.1...v10.2.2

What's Changed

Bug Fixes

• fix(database-connection-string): improve password detection to avoid false negatives by @azu in #1118

CI

• chore(deps): update github/codeql-action action to v3.29.2 by @renovate[bot] in #1105

Dependency Updates

• chore(deps): update dependency @types/node-forge to ^1.3.12 by @renovate[bot] in #1107
• fix(deps): update textlint to ^15.1.1 (patch) by @renovate[bot] in #1110
• chore(deps): update dependency create-validator-ts to ^6.0.1 by @renovate[bot] in #1109
• chore(deps): update dependency rollup to ^4.44.2 by @renovate[bot] in #1111
• fix(deps): update textlint to ^15.2.0 (patch) by @renovate[bot] in #1112
• chore(deps): update lerna-lite monorepo to ^4.6.0 (minor) by @renovate[bot] in #1113
• chore(deps): bump braces from 3.0.2 to 3.0.3 by @dependabot[bot] in #1114
• chore(deps): update patch updates (patch) by @renovate[bot] in #1115
• chore(deps): update patch updates (patch) by @renovate[bot] in #1116

Other Changes

• chore(deps): update dependency @types/node to ^20.19.4 by @renovate[bot] in #1106
• chore(deps): update dependency bun to v1.2.18 by @renovate[bot] in #1108

Full Changelog: v10.2.0...v10.2.1

What's Changed

Features

• feat: add database connection string detection rule by @azu in #1099

@secretlint/secretlint-rule-database-connection-string detects following secrets

• MongoDB detection: Standard URI (mongodb://) and SRV format (mongodb+srv://)
• MySQL detection: Standard URI (mysql://), JDBC format (jdbc:mysql://), and X DevAPI (mysqlx://)
• PostgreSQL detection: Standard URI (postgresql://) and alternative format (postgres://)

const uri = "mongodb://user:s3cr3tP4ss@cluster.mongodb.net/mydb";
const mysql = "jdbc:mysql://admin:str0ngPwd@db.company.com:3306/app";
const pg = "postgres://user:c0mpl3xPass@db.example.com:5432/mydb";

Fixes

• fix(basicauth): limit protocol detection to HTTP/HTTPS/FTP to avoid overlap with database rules by @azu in #1101

CI

• chore(deps): update docker/setup-buildx-action action to v3.11.1 by @renovate in #1092
• feat(ci): add merge-gatekeeper workflow by @azu in #1097
• chore(deps): update github/codeql-action action to v3.29.1 by @renovate in #1102

Dependency Updates

• chore: update read-pkg from v8 to v9 by @noritaka1166 in #1094
• chore(deps): update dependencies by @azu in #1095
• chore(deps): update dependency @types/node to ^20.19.2 by @renovate in #1103

Other Changes

• chore(deps): update dependency bun to v1.2.17 by @renovate in #1093

Full Changelog: v10.1.1...v10.2.0