§Token Security Analyzer
Fast, parallel token security analyzer for detecting exposed secrets, API keys, and sensitive tokens in your codebase.
§Features
- 🚀 Blazing fast: Uses ripgrep's ignore crate for file walking
- ⚡ Parallel: Leverages rayon for multi-threaded file scanning
- 🧠 Smart: Respects .gitignore and common ignore patterns
- 🔐 Security-focused: Detects dangerous patterns (print, log, echo)
- 📁 Context-aware: Prioritizes sensitive files (.env, configs)
- 🎯 Entropy detection: Identifies high-entropy strings (real secrets)
- 🏷️ Known prefixes: Detects known token formats (AWS, GitHub, Slack…)
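The entropy and known-prefix features above can be pictured with the following sketch. It is an added example, not token-analyzer's own code: the prefix list, the 3.5 bits-per-character cutoff, the 16-character minimum and all function names are assumptions chosen for illustration, and the sample strings are constructed.

```rust
use std::collections::HashMap;

// Illustrative prefixes (assumption), not the crate's KNOWN_TOKEN_PREFIXES.
const SAMPLE_PREFIXES: &[(&str, &str)] = &[
    ("AKIA", "AWS access key ID"),
    ("ghp_", "GitHub personal access token"),
    ("xoxb-", "Slack bot token"),
];
// Assumed cutoffs; tune both against your own code base.
const ENTROPY_THRESHOLD: f64 = 3.5; // bits per character
const MIN_LEN: usize = 16;

#[derive(Debug, PartialEq)]
pub enum Finding {
    KnownPrefix(&'static str),
    HighEntropy,
}

/// Shannon entropy of `s` in bits per character.
pub fn shannon_entropy(s: &str) -> f64 {
    let mut counts: HashMap<char, usize> = HashMap::new();
    for c in s.chars() {
        *counts.entry(c).or_insert(0) += 1;
    }
    let n = s.chars().count() as f64;
    counts.values().map(|&k| k as f64 / n).map(|p| -p * p.log2()).sum()
}

/// Prefix match first (cheap, precise), then the entropy fallback.
pub fn classify(candidate: &str) -> Option<Finding> {
    for (prefix, label) in SAMPLE_PREFIXES {
        if candidate.len() > prefix.len() && candidate.starts_with(*prefix) {
            return Some(Finding::KnownPrefix(*label));
        }
    }
    if candidate.len() >= MIN_LEN && shannon_entropy(candidate) >= ENTROPY_THRESHOLD {
        return Some(Finding::HighEntropy);
    }
    None
}

/// Split a source line into candidate strings and classify each one.
pub fn scan_line(line: &str) -> Vec<(String, Finding)> {
    line.split(|c: char| c.is_whitespace() || "\"'=:,;()".contains(c))
        .filter_map(|t| classify(t).map(|f| (t.to_string(), f)))
        .collect()
}

fn main() {
    // Constructed sample lines, not real credentials.
    for line in ["let api_key = \"q7Zp2LmX9vRt4KsW8bNc\";", "token: ghp_constructedSampleValue0000", "debug=true"] {
        println!("{line:?} -> {:?}", scan_line(line));
    }
}
```

Long ordinary identifiers can also cross an entropy cutoff, so a HighEntropy result is a lead to review rather than a confirmed secret.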
§Quick Start
§As a library
use token_analyzer::{TokenSecurityAnalyzer, AnalyzerConfig};
use std::path::PathBuf;
let analyzer = TokenSecurityAnalyzer::new(AnalyzerConfig::default());
let report = analyzer.analyze("API_KEY", &PathBuf::from(".")).unwrap();
println!("Found {} calls in {} files", report.total_calls, report.files.len());
for file in &report.files {
    if file.has_exposure {
        println!("⚠️ {} - EXPOSED! (risk: {:?})", file.path.display(), file.risk_level);
    }
}
§As a CLI tool
# Install
cargo install token-analyzer
# Basic usage
token-analyzer API_KEY ./my-project
# Quick scan
token-analyzer API_KEY ./my-project --fast
# Thorough scan with JSON output
token-analyzer API_KEY ./my-project --thorough --json
§Related Projects
- lazy-locker - Secure TUI secret manager that uses token-analyzer for security audits
§License
MIT License - see LICENSE for details.
Structs§
- AnalysisReport - Complete analysis report
- AnalyzerConfig - Configuration for the token analyzer
- ExposureDetail - Detailed exposure information
- FileAnalysis - Analysis report for a single file
- TokenSecurityAnalyzer - Token Security Analyzer
Enums§
- ExposureType - Exposure type detected
- RiskLevel - Risk level for a file based on its type and content
Constants§
- KNOWN_TOKEN_PREFIXES - Known token prefixes from popular services