Senext — Sensitive Content Detector
Catches hardcoded secrets — API keys, tokens, and connection strings — as you type. Highlights them inline and flags them in the Problems panel before they reach a commit. All detection is local with zero network calls.
Install
From the Marketplace (once published):
Search Senext in the VSCode Extensions panel, or run:
ext install your-publisher-id.cd-senext
From a .vsix file:
Command Palette → Extensions: Install from VSIX → select the file.
Features
- Inline highlighting — flagged secrets get a red background with a hover tooltip naming the pattern
- Problems panel integration — every match appears as a diagnostic with severity, source, and pattern ID
- 20+ built-in patterns across three categories: API keys, auth tokens, and connection strings
- Real-time scanning — triggers on file open, save, and text change (debounced 500ms)
- Fully offline — no data leaves your machine
Detected Secrets
| Category |
Patterns |
| API Keys |
AWS Access Key ID, AWS Secret Key, GCP API Key, Stripe (secret + publishable), SendGrid, OpenAI, Anthropic |
| Tokens |
GitHub PAT / OAuth / App tokens, npm token, Slack token, Slack webhook URL, JWT |
| Connection Strings |
MongoDB, PostgreSQL, MySQL, Redis (with embedded credentials) |
Commands
| Command |
Description |
Senext: Scan Active File |
Manually trigger a full scan of the current editor |
Senext: Clear All Diagnostics |
Remove all Senext diagnostics and highlights |
Access both via the Command Palette (Cmd+Shift+P).
Development Setup
Prerequisites: Node.js 18+, VSCode 1.85+
git clone https://github.com/your-username/cd-senext
cd cd-senext
npm install
Press F5 in VSCode to launch an Extension Development Host with Senext running. See docs/contributing.md for a full explanation of the dev loop, config files, and how to test manually.
Project Structure
src/
├── extension.ts # Entry point — wires up events and commands
├── detector.ts # Runs patterns against a document, returns matches
├── diagnostics.ts # Writes matches to VSCode's DiagnosticCollection
├── decorator.ts # Applies inline highlight decorations
└── patterns/
├── index.ts # SensitivePattern interface + aggregates all patterns
├── apiKeys.ts # AWS, GCP, Stripe, OpenAI, Anthropic, SendGrid
├── tokens.ts # GitHub, npm, Slack, JWT
└── connectionStrings.ts # MongoDB, PostgreSQL, MySQL, Redis
docs/
├── architecture.md # Module responsibilities, data flow, design decisions
├── contributing.md # Dev loop, config explained, how to add patterns
└── publishing.md # Full guide to publishing on the VSCode Marketplace
Adding a Pattern
Open the relevant file in src/patterns/ and add an entry:
{
id: 'my-service-key',
name: 'My Service API Key',
regex: /mykey_[a-zA-Z0-9]{32}/g,
severity: 'error',
message: 'My Service API key detected.',
}
See docs/contributing.md for step-by-step guidance.
Publishing
See docs/publishing.md for the full guide — publisher account setup, package.json fields, packaging, and pushing to the marketplace.
Privacy
Senext never reads, stores, transmits, or logs the content of matched secrets. Detection is entirely local and regex-based.
