PreUpload Guard is a local, heuristic scanner and sanitizer. It reduces accidental disclosure risk; it does not certify a file as safe and does not replace credential rotation, access control, or security review.
PreUpload Guard 是本機啟發式掃描與去識別化工具。它用來降低意外外流風險,不保證檔案絕對安全,也不能取代憑證輪換、存取控制或資安審查。
The latest tagged release is supported. Security fixes are normally made on the default branch and released as soon as practical.
只支援最新已標記發布版。安全修正通常會先進入預設分支,再盡快發布。
Do not open a public issue with a real key, password, token, document, database, screenshot, or exploit payload.
Before the first public release, repository maintainers should enable GitHub’s private vulnerability reporting. Use the repository’s Security tab and “Report a vulnerability” flow. If that flow is not enabled, contact the maintainer privately through the repository owner profile and provide only a minimal redacted reproduction.
請不要在公開 issue 放入真實金鑰、密碼、Token、文件、資料庫、截圖或 exploit payload。
首次公開發布前,維護者應啟用 GitHub 的私密弱點回報功能。請使用儲存庫的 Security 分頁與「Report a vulnerability」流程。若尚未啟用,請透過 repository owner 的 GitHub 個人頁私下聯繫,且只提供最小化、遮罩後的重現步驟。
Include:
- Version and operating system.
- Redacted steps to reproduce.
- Expected and actual behavior.
- Whether the issue concerns scanning, sanitization, reports, archives, or CLI exit codes.
Never include:
- Real credentials, private keys, passwords, tokens, payment data, user data, full diagnostics, or original source files.