SecureGuard - Real-Time Security Code Analyzer
SecureGuard is a powerful VS Code extension that provides real-time security analysis for JavaScript and TypeScript code. It detects security vulnerabilities as you type and provides instant fixes.
Features
Real-Time Detection
- Analyzes code instantly as you type (300ms debounce)
- No need to save or run any commands
- Works with JavaScript (.js, .jsx) and TypeScript (.ts, .tsx) files
Inline Diagnostics
- Red/yellow underlines highlight vulnerable code
- Severity levels: Errors (red) and Warnings (yellow)
- Shows exact location of security issues
Interactive Fixes
- Hover over vulnerable code to see detailed explanation
- Click the lightbulb to see quick fix options
- Apply fix with one click to automatically replace vulnerable code
Vulnerability Coverage
| Category | Vulnerabilities Detected |
| --- | --- |
| Injection | SQL Injection, Command Injection, eval() usage |
| XSS | innerHTML usage, DOM-based XSS |
| Secrets | Hardcoded passwords, API keys, tokens |
| Crypto | Weak hashing (MD5, SHA1), insecure randomness |
| SSL/TLS | Disabled certificate verification |
Installation
From VS Code Marketplace
- Open VS Code
- Go to Extensions (Ctrl+Shift+X)
- Search for "SecureGuard"
- Click Install
From VSIX File
code --install-extension secureguard-0.0.1.vsix
From Source
# Clone the repository
git clone https://github.com/Ravandevil25/secureguard.git
cd secureguard
# Install dependencies
npm install
# Build the extension
npm run compile
# Package it
npx @vscode/vsce package
# Install locally
code --install-extension secureguard-0.0.1.vsix
Usage
Automatic Detection
Simply open any JavaScript or TypeScript file and start coding. SecureGuard will automatically analyze your code in real-time.
Manual Analysis
You can also trigger analysis manually:
- Open Command Palette (Ctrl+Shift+P)
- Type "SecureGuard" to see available commands
Viewing Vulnerabilities
- Problems Panel: View all issues in the Problems panel (Ctrl+Shift+M)
- Hover: Hover over underlined code for details
- Quick Fix: Click the lightbulb icon or press Ctrl+. to apply fixes
Detected Vulnerabilities
SQL Injection (Error)
// ❌ Vulnerable
const query = "SELECT * FROM users WHERE id=" + userId;
// ✅ Fixed
const query = "SELECT * FROM users WHERE id = ?";
db.query(query, [userId]);
XSS - innerHTML (Error)
// ❌ Vulnerable
element.innerHTML = userInput;
// ✅ Fixed
element.textContent = userInput;
Command Injection (Error)
// ❌ Vulnerable
exec("ls " + userInput);
// ✅ Fixed
execFile("ls", [userInput]); // execFile takes an arguments array and spawns no shell; exec() does not accept one
Hardcoded Secrets (Warning)
// ❌ Vulnerable
const apiKey = "sk-1234567890abcdef";
// ✅ Fixed
const apiKey = process.env.API_KEY || '';
eval() Usage (Error)
// ❌ Vulnerable
const result = eval(userData);
// ✅ Fixed
const result = JSON.parse(userData); // For JSON parsing
Weak Cryptography (Warning)
// ❌ Vulnerable
const hash = crypto.createHash("md5");
// ✅ Fixed
const hash = crypto.createHash("sha256");
Insecure Random (Warning)
// ❌ Vulnerable
const randomId = Math.random();
// ✅ Fixed
const randomId = crypto.getRandomValues(new Uint32Array(1))[0];
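The vulnerable/fixed pairs above can be told apart by a small line-based pattern scanner. This is an added example, not SecureGuard's own detection code: the rule ids, the regular expressions and the `scan` function are assumptions written to match the snippets on this page, with severities taken from the headings above.

```javascript
// Added illustration: rule ids and regexes are assumptions, not SecureGuard's rule set.
const RULES = [
  // SQL keyword in a string literal that is then concatenated with "+"
  { id: "sql-injection", severity: "error",
    re: /["'`]\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^"'`]*["'`]\s*\+/i },
  { id: "xss-innerhtml", severity: "error", re: /\.innerHTML\s*\+?=(?!=)/ }, // assignment, not ==/===
  // exec()/execSync() whose command is a literal concatenated with a value
  { id: "command-injection", severity: "error",
    re: /\bexec(?:Sync)?\s*\(\s*["'`][^"'`]*["'`]\s*\+/ },
  // secret-looking name assigned a string literal of 8+ characters
  { id: "hardcoded-secret", severity: "warning",
    re: /\b\w*(?:password|secret|token|api_?key)\w*\s*[:=]\s*["'`][^"'`]{8,}["'`]/i },
  { id: "eval-usage", severity: "error", re: /(?<![.\w])eval\s*\(/ },
  { id: "weak-hash", severity: "warning", re: /createHash\s*\(\s*["'`](?:md5|sha1)["'`]/i },
  { id: "insecure-random", severity: "warning", re: /\bMath\.random\s*\(/ },
];

// Returns one finding per (line, rule) match; comment-only lines are skipped.
function scan(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    if (/^\s*\/\//.test(text)) return;
    for (const { id, severity, re } of RULES) {
      const m = re.exec(text);
      if (m) findings.push({ rule: id, severity, line: i + 1, column: m.index + 1 });
    }
  });
  return findings;
}
// Constructed samples: the vulnerable / fixed pairs from this page.
const VULNERABLE = [
  'const query = "SELECT * FROM users WHERE id=" + userId;',
  'element.innerHTML = userInput;',
  'exec("ls " + userInput);',
  'const apiKey = "sk-1234567890abcdef";',
  'const result = eval(userData);',
  'const hash = crypto.createHash("md5");',
  'const randomId = Math.random();',
].join("\n");
const FIXED = [
  'const query = "SELECT * FROM users WHERE id = ?"; db.query(query, [userId]);',
  'element.textContent = userInput;',
  'execFile("ls", [userInput]);',
  "const apiKey = process.env.API_KEY || '';",
  'const result = JSON.parse(userData);',
  'const hash = crypto.createHash("sha256");',
  'const randomId = crypto.getRandomValues(new Uint32Array(1))[0];',
].join("\n");
console.log(scan(VULNERABLE), scan(FIXED));
```

Line-level patterns like these miss values that reach a sink through an intermediate variable or a template literal, so a clean result does not show that the code is safe.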
Extension Settings
SecureGuard works out of the box with default settings. No configuration required!
Supported Languages
- JavaScript (.js, .jsx)
- TypeScript (.ts, .tsx)
- JavaScript React (.jsx)
- TypeScript React (.tsx)
Requirements
- VS Code version 1.85.0 or higher
- Node.js 18+ (for development)
Contributing
Contributions are welcome! Please read our contributing guidelines before submitting PRs.
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add some amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- Inspired by OWASP Top 10
- Built with VS Code Extension API
- Thanks to all contributors!
Happy Secure Coding! 🔒