Spaces:

sonic-coder
/

sonicoder

Running

sonicoder / code /hooks /builtins /warn-secrets-in-code.local.md

feat(agent): add Claude Code-style agent, skills, slash-commands, hooks, todos, sandboxed workspace, and full-stack scaffolding

81aa0b5 verified 2 days ago

450 Bytes

A newer version of the Gradio SDK is available: 6.19.0

name: warn-secrets-in-code
enabled: true
event: file
pattern: (API_KEY|SECRET|TOKEN|PASSWORD)\s*=\s*["'][^"']+["']
action: warn

🔐 Possible hardcoded secret detected

Hardcoded credentials are a security risk. Use environment variables instead:

import os
api_key = os.environ.get("API_KEY")

const apiKey = process.env.API_KEY;

Make sure to add the real secret to .env (and .env to .gitignore).