Secrets in a published npm package are a different set from secrets in your repo. A secret scanner reads the whole git tree; npm pack ships only what the files allowlist in package.json names. leak_probe.py measures both and prints the gap. On the fixture below it found 6 hits and flagged 3 as actually shipping.

TL;DR

A scanner reads your git tree. The packager reads the files allowlist. They are not the same file set.

On the test package: 6 secret hits total, 3 of them ship in the tarball and 3 are git-only (a test/ fake and a root run.log, both outside the files allowlist). Exit code 1.

leak_probe.py is ~80 lines of Python: provider regexes + entropy + a packaging filter. No network, no model, no exec, no install.
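As an added illustration (not leak_probe.py itself, whose code is not shown here), a minimal version of the three parts just named: one provider regex, a Shannon-entropy check, and a simplified model of the npm files allowlist, run over a constructed git tree that reproduces the 6/3/3 split. The entropy cut-off, the fixture contents and the packaging rule are assumptions; real npm packaging also honours .npmignore, always-shipped LICENSE files and nested package.json rules.

```python
import fnmatch, json, math, re
# Provider-shaped pattern (documented AKIA prefix format) plus an entropy fallback.
PROVIDER_PATTERNS = {"aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b")}
CANDIDATE_RE = re.compile(r"[A-Za-z0-9+/_\-]{20,}")  # runs long enough to score
ENTROPY_THRESHOLD = 4.0  # bits/char; an assumed cut-off, not leak_probe.py's

# Constructed fixture (git tree path -> contents); every key here is fake.
S1 = "aB3kL9mQ2vX7zR4nP8wT5yU1cD6eF0gH"    # 32 distinct chars, entropy 5.0
S2 = "Zy9Xw8Vu7Ts6Rq5Po4Nm3Lk2Ji1Hg0FeDc"  # 34 distinct chars, entropy ~5.09
GIT_TREE = {
    "package.json": '{"name": "demo", "files": ["lib/", "README.md"]}',
    "lib/client.js": f'const key = "AKIAIOSFODNN7EXAMPLE";\nconst secret = "{S1}";\n',
    "lib/config.json": f'{{"signingKey": "{S2}"}}\n',
    "test/fixture.js": 'module.exports = { key: "AKIAIOSFODNN7EXAMPLE" };\n',
    "run.log": f"bearer {S1}\nrefresh {S2}\n",
}

def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(k / n * math.log2(k / n) for k in {c: s.count(c) for c in set(s)}.values())

def ships(path: str, files_allowlist: list) -> bool:
    # Simplified npm 'files' semantics: package.json and README always ship, a
    # directory entry ships everything beneath it, any other entry is a glob.
    if path == "package.json" or path.upper().startswith("README"):
        return True
    for entry in files_allowlist:
        entry = entry.rstrip("/")
        if path == entry or path.startswith(entry + "/") or fnmatch.fnmatch(path, entry):
            return True
    return False

def find_hits(path: str, text: str) -> list:
    hits = [(path, name, m.group(0))
            for name, rx in PROVIDER_PATTERNS.items() for m in rx.finditer(text)]
    seen = {h[2] for h in hits}  # don't double-count a provider hit as entropy
    for m in CANDIDATE_RE.finditer(text):
        tok = m.group(0)
        if tok not in seen and shannon_entropy(tok) >= ENTROPY_THRESHOLD:
            hits.append((path, "high_entropy", tok))
            seen.add(tok)
    return hits

def probe(tree: dict) -> dict:
    # Git-tree scan first, packaging filter second: the gap is what matters.
    allowlist = json.loads(tree["package.json"]).get("files", [])
    hits = [h for path, text in tree.items() for h in find_hits(path, text)]
    shipped = [h for h in hits if ships(h[0], allowlist)]
    return {"total": len(hits), "shipped": shipped,
            "git_only": [h for h in hits if h not in shipped],
            "exit_code": 1 if shipped else 0}
```

Calling probe(GIT_TREE) on the fixture returns 6 hits, 3 shipped (all under lib/), 3 git-only and exit code 1, mirroring the split described above.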