lockwarden secrets
Minimal hardcoded-secret scan of the project and dependency install paths.
Synopsis
npx lockwarden secrets [--dir <path>]
A regex + entropy scan for common credential patterns — in your project files and in dependency install-path files. It exists because checking for leaked credentials is a natural follow-up while you’re already auditing a tree; it is deliberately minimal and is not the reason to use lockwarden. If you need a dedicated secret scanner with a large pattern catalogue, use one.
secrets has no command-specific flags. All
global flags apply — in particular --dir <path> to
point at monorepo package roots.
Examples
npx lockwarden secrets
npx lockwarden secrets --dir packages/api --dir packages/web
npx lockwarden secrets --json --ci
Exit codes
| Code | Meaning |
|---|---|
| 0 | No secrets found at or above --threshold |
| 1 | Findings at or above --threshold |
| 2 | Execution error |
- Runs fully offline, always.
- Dependency install paths are included because 2026 malware families harvest
credentials at install time — a hardcoded token inside
node_modules is a signal worth surfacing while you’re triaging.
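
To make the "regex + entropy" idea from the synopsis and the dependency-path point above concrete, here is an added JavaScript sketch of that style of scan. It is not lockwarden's source: the rule names, patterns, the 3.5 bits-per-character cut-off and the sample tree are assumptions made for this example.

```javascript
// Added illustration, not lockwarden's source. Rules and cut-off are assumptions.
const PATTERNS = [
  { rule: "aws-access-key-id", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { rule: "private-key-header", re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g },
];
// Credential-looking name assigned a quoted literal; the value is then entropy-checked.
const ASSIGNMENT =
  /\b[\w-]*(?:secret|token|passw(?:or)?d|api[_-]?key)[\w-]*\s*[:=]\s*["']([^"'\s]{16,})["']/gi;
const ENTROPY_MIN = 3.5; // bits per character (assumed cut-off)

// Shannon entropy of a string in bits per character.
function shannonEntropy(s) {
  const chars = [...s];
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) h -= (n / chars.length) * Math.log2(n / chars.length);
  return h;
}

// Findings carry a redacted preview so the report does not re-leak the value.
function finding(path, line, rule, value) {
  const inDependency = path.split("/").includes("node_modules");
  return { path, line, rule, inDependency, preview: value.slice(0, 4) + "…" };
}

function scanText(path, text) {
  const out = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const { rule, re } of PATTERNS)
      for (const m of line.matchAll(re)) out.push(finding(path, i + 1, rule, m[0]));
    for (const m of line.matchAll(ASSIGNMENT))
      if (shannonEntropy(m[1]) >= ENTROPY_MIN)
        out.push(finding(path, i + 1, "high-entropy-assignment", m[1]));
  });
  return out;
}

// Constructed sample tree: paths and the token are made up; the AKIA value is
// the placeholder key ID used in AWS documentation.
const SAMPLE_FILES = [
  { path: "src/config.js", text: 'const apiKey = "changeme-changeme-changeme";\n' },
  { path: "src/deploy.js", text: 'const awsId = "AKIAIOSFODNN7EXAMPLE";\n' },
  { path: "node_modules/example-dep/index.js",
    text: 'const upload_token = "q9Zr2LkX7vB1mNc84TyHs0PdWfGj";\n' },
];

const scanSample = () => SAMPLE_FILES.flatMap((f) => scanText(f.path, f.text));
console.log(scanSample());
```

The low-entropy `changeme-…` placeholder matches the assignment regex but is dropped by the entropy check, which is the false-positive reduction the entropy stage buys over regex alone.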