Merge pull request #66 from Chrilleweb/cmn/dev

dotenv-diff-ignore

Author: Chrilleweb

CHANGELOG.md

@@ -15,12 +15,14 @@ This project follows [Keep a Changelog](https://keepachangelog.com/) and [Semant
 ## [2.2.7] - 2025-09-27
 ### Added
 - Added warning on .env not ignored by .gitignore on default.
+- added `dotenv-diff-ignore` comment to ignore lines from secret detection.
 
 ### Fixed
 - Fixed `--strict` error output to console when no warnings are found.
 
 ### Changed
 - No breaking changes.
+- Updated dependencies to latest versions.
 
 ## [2.2.6] - 2025-09-25
 ### Added

README.md

@@ -82,6 +82,17 @@ You can use the `--strict` flag to treat all warnings as errors. This is useful
 dotenv-diff --strict
 ```
 
+## ignore specific warnings
+
+You can use the `dotenv-diff-ignore` comment to ignore specific lines from secret detection. For example:
+
+```js
+const secret ="https://thisurlshouldbeignored.com"; // dotenv-diff-ignore
+const ignoredEntropy = "AIzaSyA-1234567890abcdefgHIJKLMNOpqrstuv" // dotenv-diff-ignore;
+```
+
+This will prevent `dotenv-diff` from flagging the line as a potential secret.
+
 ## Show unused variables
 
 As default, `dotenv-diff` will list variables that are defined in `.env` but never used in your codebase.

src/core/secretDetectors.ts

@@ -41,6 +41,18 @@ const HARMLESS_URLS = [
   /xmlns=["']http:\/\/www\.w3\.org\/2000\/svg["']/i, // SVG namespace
 ];
 
+/**
+ * Checks if a line has an ignore comment
+ * @param line - The line to check
+ * @returns True if the line should be ignored
+ */
+function hasIgnoreComment(line: string): boolean {
+  return (
+    /\/\/\s*dotenv-diff-ignore/.test(line) ||
+    /\/\*\s*dotenv-diff-ignore\s*\*\//.test(line)
+  );
+}
+
 /**
  * Checks if a string looks like a harmless literal.
  * @param s - The string to check.
@@ -133,6 +145,9 @@ export function detectSecretsInSource(
     // Skip comments
     if (/^\s*\/\//.test(line)) continue;
 
+    // Check if line has ignore comment
+    if (hasIgnoreComment(line)) continue;
+
     // Check for HTTPS URLs
     HTTPS_PATTERN.lastIndex = 0;
     let httpsMatch: RegExpExecArray | null;

test/e2e/cli.secrets.e2e.test.ts

@@ -310,4 +310,44 @@ describe('secrets detection (default scan mode)', () => {
     expect(res.status).toBe(0);
     expect(res.stdout).not.toContain('Potential secrets detected in codebase:');
   });
+  it('should ignore warnings with dotenv-diff-ignore comments', () => {
+    const cwd = tmpDir();
+
+    fs.writeFileSync(path.join(cwd, '.env'), 'DUMMY=\n');
+    fs.mkdirSync(path.join(cwd, 'src'), { recursive: true });
+    fs.writeFileSync(
+      path.join(cwd, 'src', 'index.ts'),
+      `
+      // These should be flagged normally
+      const service1 = 'https://shouldwarn.com';
+      const secret1 = "sk_live_abcdefghijklmnopqrstuvwx";
+      
+      // These should be ignored with comments
+      const service2 = 'https://exdfdfdfdfdfe.com'; // dotenv-diff-ignore
+      const service3 = "https://ignored.com/api" /* dotenv-diff-ignore */;
+      const secret2 = "sk_live_ignoredtoken123"; // dotenv-diff-ignore
+      const apiKey = 'AKIA1234567890IGNORE' /* dotenv-diff-ignore */;
+      
+      // Also test high entropy strings
+      const ignoredEntropy = "highEntropyButIgnored987654321fedcba"; // dotenv-diff-ignore
+
+      console.log(service1, service2, service3, secret1, secret2, apiKey, ignoredEntropy);
+    `.trimStart(),
+    );
+
+    const res = runCli(cwd, []);
+    expect(res.status).toBe(0);
+    expect(res.stdout).toContain('Potential secrets detected in codebase:');
+    
+    // Should warn about the non-ignored ones
+    expect(res.stdout).toContain('shouldwarn.com');
+    expect(res.stdout).toContain('sk_live_abcdefghijklmnopqrstuvwx');
+    
+    // Should NOT warn about the ignored ones
+    expect(res.stdout).not.toContain('exdfdfdfdfdfe.com');
+    expect(res.stdout).not.toContain('ignored.com');
+    expect(res.stdout).not.toContain('sk_live_ignoredtoken123');
+    expect(res.stdout).not.toContain('AKIA1234567890IGNORE');
+    expect(res.stdout).not.toContain('highEntropyButIgnored987654321fedcba');
+  });
 });