VS Code security extension for Web3 and crypto development
Bastion Security helps developers prevent plaintext secret leaks and risky dependency usage directly in Visual Studio Code. It scans for private keys, seed phrases, token-like credentials, and suspicious supply-chain dependency patterns before they become incidents.
Why Bastion Security
Local-first secret scanning for Web3 and crypto codebases.
Private key and seed phrase detection with Problems panel diagnostics.
Supply chain dependency checks across manifests and lockfiles.
AI-generated code risk checks for potential credential exfiltration patterns.
Clipboard consistency reminders for sensitive address workflows.
Features
Private Key And Secret Pattern Protection
Reviews the active file for private-key-like strings, seed-phrase-like text, and high-entropy encoded values.
Highlights findings in the editor and Problems panel.
Uses configurable thresholds so teams can tune sensitivity for their codebase.
AI Code Review Assistant
Reviews generated editor changes when enabled.
Warns when generated code appears to combine sensitive values with network calls.
Uses the editor language model API only when available and enabled by the user.
Clipboard Consistency Reminder
Keeps a temporary in-memory copy of recently copied text.
Warns when pasted text differs from the copied text being tracked.
Useful when reviewing wallet addresses or other sensitive values before pasting.
Anti-Compromise Pattern Interception: Detects and blocks known secret-like patterns, encoded key material, and high-risk credential formats at edit time.
Sensitive Text Lockout Behavior: Prevents risky credential content from being treated as normal low-risk text during active development workflows.
Firewall Warden Diagnostics: Raises high-severity diagnostics in both the editor and the Problems panel so issues are visible and actionable immediately.
Configuration And Manifest Interception (Supply Chain Attack Firewall)
Bastion applies strict manifest and dependency checks to reduce supply chain compromise risk. The guard monitors dependency and configuration changes for indicators commonly linked to credential theft and data exfiltration campaigns.
Crypto Stealer Blocklist Defense: Compares package names and related metadata against known malicious and high-risk dependency intelligence.
Anti-Exfiltration Interception: Flags typosquatting and dependency-confusion-style patterns that are frequently used to target sensitive development environments.
Critical Blocking Alerts: Emits high-priority diagnostics when malicious or strongly suspicious manifest behavior is detected.
Commands
| Command | Description |
| --- | --- |
| Bastion Security: Scan Current File | Manually review the active file. |
| Bastion Security: Toggle Review Assistant | Enable or disable generated-code review. |
| Bastion Security: Open Review Log | Open the review output channel. |
| Bastion Security: Open Project File Log | Open the project file review output channel. |
| Bastion Security: Clear Clipboard Buffer | Clear the temporary clipboard buffer. |
Settings
| Setting | Default | Description |
| --- | --- | --- |
| bastionSecurity.enable | true | Enable editor diagnostics. |
| bastionSecurity.enableAiGuard | true | Enable generated-code review. |
| bastionSecurity.enableSupplyChainGuard | true | Enable project file checks. |
| bastionSecurity.enableClipboardGuard | true | Enable clipboard consistency reminders. |
| bastionSecurity.debugClipboardGuard | false | Enable verbose local clipboard output. |
| bastionSecurity.hexTextThreshold | 3.5 | Minimum threshold for long hexadecimal text diagnostics. |
| bastionSecurity.base58TextThreshold | 4.0 | Minimum threshold for long base58 text diagnostics. |
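How the hexTextThreshold and base58TextThreshold defaults could separate key-like text from padding and repetitive constants, shown as an added example that is not Bastion Security's own code. It assumes the thresholds are Shannon entropy in bits per character and that "long" means 32 or more characters (neither is stated on this page); `scanText`, `shannonEntropy` and the sample strings are constructed for illustration.

```javascript
// Added example, not Bastion Security's code. Assumptions: the thresholds are
// Shannon entropy in bits per character, and "long" means 32+ characters.
const DEFAULTS = { hex: 3.5, base58: 4.0 }; // defaults from the Settings table
const MIN_LEN = 32;                         // assumption, not from the page

function shannonEntropy(text) {
  const counts = new Map();
  for (const ch of text) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / text.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// Hex is checked first so a run valid in both alphabets is classified once.
const CLASSES = [
  { kind: "hex", source: `\\b(?:0x)?([0-9a-fA-F]{${MIN_LEN},})\\b` },
  { kind: "base58", source: `\\b([1-9A-HJ-NP-Za-km-z]{${MIN_LEN},})\\b` },
];

function scanText(text, thresholds = DEFAULTS) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const claimed = []; // [start, end) ranges already classified on this line
    for (const { kind, source } of CLASSES) {
      for (const m of line.matchAll(new RegExp(source, "g"))) {
        const start = m.index, end = m.index + m[0].length;
        if (claimed.some(([s, e]) => start < e && s < end)) continue;
        claimed.push([start, end]);
        const entropy = shannonEntropy(m[1]);
        if (entropy < thresholds[kind]) continue;
        // Report position and score only; never echo the candidate secret.
        findings.push({ line: i + 1, column: start + 1, kind,
                        length: m[1].length, entropy: Number(entropy.toFixed(2)) });
      }
    }
  });
  return findings;
}

// Constructed sample input (no real keys).
const SAMPLE = [
  'const key = "0x' + "0123456789abcdef".repeat(4) + '";', // uniform hex digits
  'const zero = "0x' + "0".repeat(64) + '";',              // padding, one symbol
  'const tag = "' + "deadbeef".repeat(8) + '";',           // repetitive constant
  'const blob = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijk";', // 44 distinct
].join("\n");
console.log(scanText(SAMPLE));
```

Under the bits-per-character assumption, hexadecimal text tops out at 4.0 and base58 at about 5.86, so a hex threshold set above 4.0 would suppress every hex finding.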
Data Handling
Checks run in the extension host.
Review data is bundled with the extension.
The extension does not perform automatic runtime data updates.
Generated-code review uses the editor language model API only when available and enabled by the user.
Support
For issues or feature requests, open an issue on the project repository.