- Install Violentmonkey (recommended for Firefox).
- Create a userscript targeting github.com repository pages.
- Hide file list elements or selectively hide files by name.
Example userscript (simplified):
// ==UserScript== // @name Hide GitHub Sensitive Files // @match https://github.com/*/* // @grant none // ==/UserScript== const hideNames = ["secret.txt","credentials.env"]; function hideFiles() { document.querySelectorAll('tr.js-navigation-item').forEach(row => { const name = row.querySelector('a.js-navigation-open')?.textContent?.trim(); if (hideNames.includes(name)) row.style.display = 'none'; }); } new MutationObserver(hideFiles).observe(document, { childList: true, subtree: true }); hideFiles(); Pros: flexible, persistent, can match filenames.
Cons: requires extension; JavaScript skills helpful; needs maintenance.
6) Browser extension for site-specific styles (Stylus) or content blocking (uBlock Origin)
- Stylus allows site-specific CSS rules without editing profile files.
- uBlock Origin can hide UI elements using cosmetic filters.
Example Stylus rule to hide files:
@-moz-document domain("github.com") { tr.js-navigation-item { display: none !important; } } You can refine selectors to hide only specific filenames.
Pros: user-friendly, reversible, persistent.
Cons: requires installing extensions.
Example: Hide files named “secret.*” with a userscript
(Concise explanation and code — see userscript example above. Use a MutationObserver to handle GitHub’s dynamic loading and to match file-name elements; add desired filenames to the hideNames array.)
When browser-side hiding is not enough
- If a file was committed, remove it from history and rotate secrets.
- For public repos, delete credentials and treat them as compromised.
- Use GitHub support/tools for reporting or removing cached blobs if needed.
Recommended, safe workflow
- Remove sensitive data from repo and rotate secrets (server-side fix).
- Add .gitignore and educate collaborators.
- Use private repos or access controls.
- For demos or screen-sharing, apply browser-side hiding (userscripts, Stylus, or Inspector) as a last-mile visual privacy layer.
Quick reference: pros/cons table
| Method | Pros | Cons |
|---|---|---|
| Manual collapsing / file finder | No install; immediate | Manual; easy to slip up |
| Reader View | Built‑in; reduces UI | Not always available |
| Inspector (F12) | Precise; no install | Temporary; technical |
| userContent.css | Persistent; local | Requires config; fragile |
| Userscript (Violentmonkey) | Flexible; filename matching | Needs extension; maintenance |
| Stylus / uBlock | User-friendly; persistent | Requires extension |
Final notes
Browser-side hiding is a convenience for privacy during viewing or sharing but is not a security control. Treat it like drawing a curtain over a window: it blocks sightlines but does not change what’s inside the house. For real protection, remove secrets from the repository, rotate credentials, and adopt secret management best practices.
If you want, I can:
- Provide a ready-to-use userscript tuned to your repo structure.
- Create a Stylus rule that hides specific filenames.
- Walk through safe removal of sensitive files from Git history.
Leave a Reply