An open-source alternative to GitGuardian and Trufflehog for runtime environments. It scans JS bundles, validates Supabase/Firebase RLS configurations, and detects exposed API keys via a Chrome extension and CLI.
Tech Stack
PythonTesting & QA
Why keyleak-detector?
• Runs locally via CLI
• Validates live BaaS RLS rules
• Chrome extension for instant runtime checks
Limitations
• Manual extension trigger required
• No automated CI dashboard
• Limited to web-based secrets
6/3/2026
Last Update
32
Forks
1
Issues
MIT
License
Financial Leak Detected
Stop the "SaaS Tax"
Your team could be burning cash. Switching to keyleak-detector instantly boosts your runway.
