

The JavaScript rule "Avoid hard-coded or in-comment passwords in code" (rule code OPT.JAVASCRIPT.PasswordInComments) searches for hard-coded passwords in source code.

This rule checks whether comments in the code contain expressions that match a predefined regexp pattern, so it can produce several false positives and/or false negatives.


The rule has a parameter, "passwordPattern", that you can edit to change the default pattern if you are finding too many false positives.
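The following added example (not the rule's own implementation) models a comment-matching check to show where false positives and false negatives come from and how editing the pattern changes the findings. Both regexes, the function names and the sample source are assumptions constructed for illustration; neither pattern is the rule's default.

```javascript
// Both patterns are assumptions made up for this example; neither is the
// rule's default "passwordPattern".
const LOOSE_PATTERN = /passw(or)?d|pwd/i;
const TIGHT_PATTERN = /\b(passw(or)?d|pwd)\b\s*[:=]\s*\S+/i;

// Collect the comments of a JavaScript source, skipping string literals so a
// "//" inside a URL string is not taken for a comment. Regex literals and
// template-literal expressions are not handled (simplification).
function extractComments(source) {
  const comments = [];
  let i = 0, line = 1;
  while (i < source.length) {
    const ch = source[i], next = source[i + 1];
    if (ch === '"' || ch === "'" || ch === '`') {
      let j = i + 1;
      while (j < source.length && source[j] !== ch) {
        if (source[j] === '\\') j++;          // skip the escaped character
        if (source[j] === '\n') line++;
        j++;
      }
      i = j + 1;
    } else if (ch === '/' && (next === '/' || next === '*')) {
      const close = next === '/' ? '\n' : '*/';
      let end = source.indexOf(close, i + 2);
      if (end === -1) end = source.length;    // unterminated comment
      const text = source.slice(i + 2, end);
      comments.push({ line, text: text.trim() });
      line += text.split('\n').length - 1;
      i = next === '/' ? end : end + 2;
    } else {
      if (ch === '\n') line++;
      i++;
    }
  }
  return comments;
}

// Return the comments whose text matches the given pattern.
function findPasswordComments(source, pattern) {
  return extractComments(source).filter((c) => pattern.test(c.text));
}

// Constructed sample input (not taken from any real project).
const SAMPLE = [
  '// TODO: validate the password field before submit',
  'const api = "https://example.test/login"; // staging pwd = Tr0ub4dor',
  '/* fallback login',
  '   secret: hunter2 */',
  'const user = prompt("password?");',
].join('\n');
```

On the sample, the loose pattern reports lines 1 and 2 (line 1 is a false positive) and the tighter pattern reports only line 2. Neither reports the credential in the block comment starting on line 3, a false negative that only a different keyword list would catch.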

The default regexp pattern is: