sensitive-file/npmrc-auth

.npmrc with auth

highSensitive filesensitive-file

What it detects

Commit of .npmrc — this file often contains `_authToken` granting publish rights on npm.

Review the file; if it has `_authToken`, rotate immediately.

Path / basename / content-header match. No content body is stored — only the path.

Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.