
Amitk003/VibeGuard


VibeGuard Security Assistant 🛡️

Check it here: https://marketplace.visualstudio.com/items?itemName=amitk003.vibe-guard

A real-time security assistant for developers that detects insecure code patterns and provides helpful warnings and best practices.

Features

VibeGuard automatically scans your code in real-time and detects:

🔑 Hardcoded Secrets

  • API keys, tokens, and passwords in source code
  • Suggests using environment variables instead

🔒 Insecure HTTP Usage

  • HTTP URLs in fetch/axios calls
  • Recommends HTTPS for secure communication

🌐 CORS Security Issues

  • CORS policies allowing all origins (*)
  • Warns about potential security risks in production

πŸ“ Environment File Protectionwoo

  • Checks if .env files are properly ignored in .gitignore
  • Offers to automatically add .env to .gitignore
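
One way to implement the .gitignore check described above, as an added example (not VibeGuard's own code; the function names `isEnvIgnored` and `ensureEnvIgnored` are hypothetical). It is a simplified matcher: it handles comments, negation and the `*` wildcard, and skips path-scoped and directory-only rules.

```typescript
// Added example: simplified .gitignore check, not VibeGuard's implementation.
// Assumption: only top-level rules without "/" are evaluated; "?", "[...]"
// and "**" are not interpreted.
function globToRegExp(glob: string): RegExp {
  const escaped = glob
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, "[^/]*");              // "*" matches within one path segment
  return new RegExp("^" + escaped + "$");
}

function isEnvIgnored(gitignore: string, fileName: string = ".env"): boolean {
  let ignored = false;
  for (const raw of gitignore.split(/\r?\n/)) {
    let rule = raw.trim();
    if (rule === "" || rule.charAt(0) === "#") continue; // blank line or comment
    const negated = rule.charAt(0) === "!";
    if (negated) rule = rule.slice(1);
    rule = rule.replace(/^\//, "");         // a leading "/" anchors to the repo root
    if (rule.indexOf("/") !== -1) continue; // path-scoped or directory-only rule
    // Later rules override earlier ones, so "!.env" after ".env*" un-ignores it.
    if (globToRegExp(rule).test(fileName)) ignored = !negated;
  }
  return ignored;
}

// Returns the .gitignore content with ".env" appended when it is not yet ignored.
function ensureEnvIgnored(gitignore: string): string {
  if (isEnvIgnored(gitignore)) return gitignore;
  const sep = gitignore === "" || /\n$/.test(gitignore) ? "" : "\n";
  return gitignore + sep + ".env\n";
}

console.log(isEnvIgnored(".env*\n!.env\n")); // negation re-includes .env
```

Ignoring the file only affects untracked files: a .env that was already committed stays in history and remains tracked until it is removed from the index.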

🚨 Environment Variable Exposure

  • Detects when environment variables are being logged or exposed
  • Prevents accidental leakage of sensitive information

Supported File Types

  • JavaScript (.js, .jsx)
  • TypeScript (.ts, .tsx)
  • Python (.py)
  • Environment files (.env)

🚀 Installation

From VS Code Marketplace

  1. Open VS Code
  2. Go to Extensions (Ctrl+Shift+X)
  3. Search for "VibeGuard"
  4. Click Install
  5. The extension will automatically activate and start monitoring your files

From Source (Development)

git clone https://github.com/Amitk003/VibeGuard.git
cd VibeGuard
npm install
npm run compile

Then press F5 in VS Code to launch the Extension Development Host.

Commands

  • VibeGuard: Enable - Enable real-time security scanning
  • VibeGuard: Disable - Disable security scanning

How It Works

VibeGuard runs in the background and:

  1. File Watching: Monitors changes to supported file types
  2. Pattern Detection: Uses regex patterns to identify security issues
  3. Real-time Alerts: Shows warning popups when issues are detected
  4. Actionable Suggestions: Provides specific recommendations for fixes

Configuration

Currently, VibeGuard works out of the box with sensible defaults. Future versions will include customizable security rules and severity levels.

Examples

❌ What VibeGuard Catches

// Hardcoded API key
const apiKey = "sk-1234567890abcdef";

// HTTP instead of HTTPS
fetch("http://api.example.com/data");

// CORS allowing all origins
app.use(cors({ origin: "*" }));

// Logging environment variables
console.log(process.env);

✅ Recommended Alternatives

// Use environment variables
const apiKey = process.env.API_KEY;

// Use HTTPS
fetch("https://api.example.com/data");

// Specific CORS origins
app.use(cors({ origin: "https://yourdomain.com" }));

// Log specific values, not entire env
console.log("App started on port:", process.env.PORT);

🤝 Contributing

We welcome contributions! Here's how you can help:

πŸ› Reporting Issues

  • Use the GitHub Issues page
  • Include code samples that trigger false positives/negatives
  • Provide your VS Code version and operating system

🔧 Contributing Code

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Make your changes
  4. Add tests if applicable
  5. Commit your changes (git commit -m 'Add amazing feature')
  6. Push to the branch (git push origin feature/amazing-feature)
  7. Open a Pull Request

See CONTRIBUTING.md for detailed guidelines.

Development Setup

  1. Clone the repository
  2. Run npm install to install dependencies
  3. Run npm run compile to build the extension
  4. Press F5 to launch a new VS Code window with the extension loaded

Adding New Security Patterns

  1. Edit src/security-detector.ts
  2. Add new regex patterns to the patterns object
  3. Update the detection logic in detectIssues()
  4. Add appropriate warning messages
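
The regex-based detection described under "How It Works" and the steps above, sketched as an added example (not the code in src/security-detector.ts; the `rules` table, its regexes and the `Finding` shape are assumptions, and only the name `detectIssues` comes from this README). A new check is one more entry in `rules`; the README's own "catches" and "recommended" samples serve as positive and negative test input.

```typescript
// Added example: a hypothetical rule table, not VibeGuard's real patterns.
interface Rule { id: string; pattern: RegExp; advice: string }
interface Finding { line: number; rule: string; advice: string }

const rules: Rule[] = [
  { id: "hardcoded-secret",
    // credential-like identifier assigned a quoted literal of 8+ characters
    pattern: /\b\w*(?:api[_-]?key|secret|token|passw(?:or)?d)\w*\s*[:=]\s*["'`][^"'`\s]{8,}["'`]/i,
    advice: "Read the value from an environment variable." },
  { id: "insecure-http",
    pattern: /\b(?:fetch|axios(?:\.\w+)?)\s*\(\s*["'`]http:\/\//i,
    advice: "Use https:// for the request." },
  { id: "cors-wildcard",
    pattern: /\bcors\s*\(\s*\{[^}]*\borigin\s*:\s*["'`]\*["'`]/,
    advice: "List the allowed origins explicitly." },
  { id: "env-logged",
    // the whole process.env object (not process.env.NAME) passed to console.*
    pattern: /\bconsole\.\w+\s*\([^)]*\bprocess\.env\b(?![.\[])/,
    advice: "Log individual, non-sensitive values only." },
];

// Line-by-line scan; the patterns carry no "g" flag, so test() keeps no state.
function detectIssues(source: string): Finding[] {
  const findings: Finding[] = [];
  const lines = source.split(/\r?\n/);
  for (let i = 0; i < lines.length; i++) {
    for (const rule of rules) {
      if (rule.pattern.test(lines[i])) {
        findings.push({ line: i + 1, rule: rule.id, advice: rule.advice });
      }
    }
  }
  return findings;
}

// The README's two samples, embedded as input.
const flagged = [
  '// Hardcoded API key', 'const apiKey = "sk-1234567890abcdef";', '',
  '// HTTP instead of HTTPS', 'fetch("http://api.example.com/data");', '',
  '// CORS allowing all origins', 'app.use(cors({ origin: "*" }));', '',
  '// Logging environment variables', 'console.log(process.env);',
].join("\n");
const recommended = [
  'const apiKey = process.env.API_KEY;', 'fetch("https://api.example.com/data");',
  'app.use(cors({ origin: "https://yourdomain.com" }));',
  'console.log("App started on port:", process.env.PORT);',
].join("\n");

console.log(detectIssues(flagged), detectIssues(recommended));
```
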

File Structure

src/
├── extension.ts          # Main extension logic
├── file-watcher.ts       # File monitoring and change detection
└── security-detector.ts  # Security pattern detection and warnings

Testing

  • Test your changes by opening various file types
  • Verify that security patterns are detected correctly
  • Ensure warning messages are helpful and actionable

Testing

Run the pattern detection tests:

node test-patterns.js

This will verify that all security patterns are working correctly.

Debugging

  1. Open the project in VS Code
  2. Press F5 to launch the Extension Development Host
  3. Open the test files (test-security.js, .env) to trigger detections
  4. Check the Debug Console for any error messages
  5. Use Developer: Reload Window to restart the extension

Roadmap

  • Configurable security rules
  • Custom pattern definitions
  • Integration with popular linters
  • Diagnostic highlighting in editor
  • Severity level customization
  • Whitelist/ignore functionality
  • Security report generation

License

MIT License - see LICENSE file for details.

Support

If you encounter issues or have suggestions:

  1. Check existing issues on GitHub
  2. Create a new issue with detailed information
  3. Include code samples that trigger false positives/negatives

Stay secure, code with confidence! 🛡️
