Truffle Security dropped a sharp new open-source tool that digs through GitHub’s public commit history looking for zero-commit force pushes—a tactic devs use to erase mistakes, usually secrets. Problem is, they don’t go quietly.

By tapping into historical GitHub PushEvents via GH Archive, the tool hunts down dangling commits—the ghosts of deleted secrets that still linger. Stuff most scanners miss.

Heads-up: Force-pushing doesn’t scrub secrets anymore. Assume every leaked key is burned.