Loading...
Loading...
Safely package codebases with repomix by automatically detecting and removing hardcoded credentials before packing. Use when packaging code for distribution, creating reference packages, or when the user mentions security concerns about sharing code with repomix.
npx skill4agent add daymade/claude-code-skills repomix-safe-mixersafe_pack.pyscripts/python3 scripts/safe_pack.py <directory>python3 scripts/safe_pack.py ./my-project🔍 Scanning ./my-project for hardcoded secrets...
✅ No secrets detected!
📦 Packing ./my-project with repomix...
✅ Packaging complete!
Package is safe to distribute.🔍 Scanning ./my-project for hardcoded secrets...
⚠️ Security Scan Found 3 Potential Secrets:
🔴 supabase_url: 1 instance(s)
- src/client.ts:5
Match: https://ghyttjckzmzdxumxcixe.supabase.co
❌ Cannot pack: Secrets detected!python3 scripts/safe_pack.py \
./my-project \
--output package.xmlpython3 scripts/safe_pack.py \
./my-project \
--config repomix.config.jsonpython3 scripts/safe_pack.py \
./my-project \
--exclude '.*test.*' '.*\.example'python3 scripts/safe_pack.py \
./my-project \
--force # ⚠️ NOT RECOMMENDEDscan_secrets.pyscripts/python3 scripts/scan_secrets.py <directory>python3 scripts/scan_secrets.py ./my-projectpython3 scripts/scan_secrets.py \
./my-project \
--jsonpython3 scripts/scan_secrets.py \
./my-project \
--exclude '.*test.*' '.*example.*' '.*SECURITY_AUDIT\.md'AKIA...sk_live_...pk_live_...sk-...AIza...eyJ...-----BEGIN PRIVATE KEY-----0x...references/common_secrets.mdconst SUPABASE_URL = "https://ghyttjckzmzdxumxcixe.supabase.co";
const API_KEY = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...";const SUPABASE_URL = import.meta.env.VITE_SUPABASE_URL || "https://your-project-ref.supabase.co";
const API_KEY = import.meta.env.VITE_API_KEY || "your-api-key-here";
// Validation
if (!import.meta.env.VITE_SUPABASE_URL) {
console.error("⚠️ Missing VITE_SUPABASE_URL environment variable");
}# Example environment variables
VITE_SUPABASE_URL=https://your-project-ref.supabase.co
VITE_API_KEY=your-api-key-here
# Instructions:
# 1. Copy this file to .env
# 2. Replace placeholders with real values
# 3. Never commit .env to version controlpython3 scripts/scan_secrets.py ./my-projectpython3 scripts/safe_pack.py ./my-projectyour-api-keyexample-keyplaceholder-value<YOUR_API_KEY>${API_KEY}TODO: add key.*test.*.*example.*.*sample.*//#/**process.env.API_KEYimport.meta.env.VITE_API_KEYDeno.env.get('API_KEY')--excludepython3 scripts/safe_pack.py ./projectpython3 scripts/safe_pack.py \
./project \
--config repomix.config.jsonpython3 scripts/safe_pack.py \
./project \
--output ~/Downloads/package-clean.xml# Scan and pack in one command
python3 scripts/safe_pack.py \
~/workspace/my-project \
--output ~/Downloads/my-project-package.xml# Step 1: Scan to discover secrets
python3 scripts/scan_secrets.py ~/workspace/my-project
# Step 2: Review findings and replace credentials with env vars
# (Edit files manually or with automation)
# Step 3: Verify cleanup
python3 scripts/scan_secrets.py ~/workspace/my-project
# Step 4: Package safely
python3 scripts/safe_pack.py \
~/workspace/my-project \
--output ~/Downloads/my-project-clean.xml# Pre-commit hook: scan for secrets
python3 scripts/scan_secrets.py . --json
# Exit code 1 if secrets found (blocks commit)
# Exit code 0 if clean (allows commit)references/common_secrets.mdscripts/scan_secrets.pyscripts/safe_pack.pyrepomix-unmixerskill-creator