codemod/axios-basic-auth-with-env

Transforms hardcoded Basic Authentication headers in Axios requests to use environment variables instead

Tags: security, axios, authentication, environment-variables, credentials, hardcoded-secrets
How to Use
Run this codemod on your codebase using one of the following commands

The easiest way to run this codemod without installing anything globally:

Documentation

Replace Hardcoded Axios Basic Auth with Environment Variables

A security-focused codemod that automatically transforms hardcoded Basic Authentication credentials in Axios requests to use environment variables instead, eliminating the risk of exposing sensitive credentials in source code.

Security Issue

CWE-798: Use of Hard-coded Credentials

Hardcoded credentials in source code pose significant security risks:

  • Credentials are visible to anyone with repository access
  • Secrets are stored in version control history
  • Production credentials may be accidentally committed
  • No easy way to rotate credentials without code changes

This codemod addresses OWASP Top 10 2021 - A07: Identification and Authentication Failures.

Installation

bash

What it transforms

1. Axios instance creation with auth objects

Before:

javascript

After:

javascript

2. Individual axios method calls with auth

Before:

javascript

After:

javascript

3. Basic Authorization headers

Before:

javascript

After:

javascript

4. Axios defaults headers

Before:

javascript

After:

javascript

What it doesn't transform

  • Files already using environment variables (process.env.*)
  • Test files with mock/placeholder credentials
  • Template files with variable placeholders (${VAR}, {{VAR}})
  • Non-basic authentication methods (Bearer tokens, API keys)
  • Dynamic credential retrieval from secure stores
  • Comments or documentation with example credentials

Environment Variables

After running this codemod, you'll need to set these environment variables:

bash

Or set them in your deployment environment:

bash
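
Once credentials come from `process.env`, an unset variable evaluates to `undefined` at runtime rather than failing at build time. The following added example (not part of this codemod or its output) shows a startup check that fails fast on missing values and produces both the `auth` object form and the `Authorization` header form. The names `API_USERNAME` and `API_PASSWORD` and all function names are assumptions chosen for illustration.

```javascript
// Added example, not the codemod's own output. The variable names
// API_USERNAME and API_PASSWORD are assumptions; use your project's names.
const REQUIRED = ['API_USERNAME', 'API_PASSWORD'];

// Read Basic Auth credentials from an environment object and fail fast
// when one is missing or empty, instead of sending `undefined` upstream.
function loadBasicAuth(env = process.env) {
  const missing = REQUIRED.filter((name) => !env[name]);
  if (missing.length > 0) {
    // Report names only; never echo credential values into logs.
    throw new Error(`Missing required environment variables: ${missing.join(', ')}`);
  }
  const username = env.API_USERNAME;
  const password = env.API_PASSWORD;
  // RFC 7617: the user-id cannot contain a colon, because the first colon
  // separates user-id from password in the encoded pair.
  if (username.includes(':')) {
    throw new Error('API_USERNAME must not contain ":"');
  }
  return { username, password };
}

// Shape for `axios.create({ auth })` or a per-request `auth` option.
function axiosAuthConfig(env = process.env) {
  return { auth: loadBasicAuth(env) };
}

// Shape for an explicit `Authorization` header (per request or defaults).
function basicAuthHeader(env = process.env) {
  const { username, password } = loadBasicAuth(env);
  const token = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
  return `Basic ${token}`;
}

// Constructed sample environment so the example runs offline.
const sampleEnv = { API_USERNAME: 'svc-reports', API_PASSWORD: 'example-only' };
console.log(Object.keys(axiosAuthConfig(sampleEnv).auth)); // [ 'username', 'password' ]
console.log(basicAuthHeader(sampleEnv).startsWith('Basic ')); // true
```

Call `loadBasicAuth()` once at process startup so a misconfigured deployment stops before it issues any request.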

Supported File Types

  • JavaScript (.js)
  • TypeScript (.ts)
  • JSX (.jsx)
  • TSX (.tsx)

Security Benefits

  • Eliminates credential exposure in source code
  • Prevents accidental commits of production secrets
  • Enables credential rotation without code changes
  • Supports different credentials per environment
  • Improves security posture according to security best practices

Development

bash

License

MIT
