⚡ Install
- Open VS Code
- Press
Ctrl+Shift+X → search BugLens
- Click Install
- Open any code file → press
Ctrl+Shift+R
Done. No API key needed. No sign-up. Works instantly.
🎬 Demo
Open any file and press Ctrl+Shift+R:
# This code has a critical SQL injection vulnerability
def get_user(id):
query = f"SELECT * FROM users WHERE id = {id}"
return db.execute(query)
BugLens opens a review panel instantly:
🔍 BugLens Review — users.py
20 / 100 CRITICAL
┌─────────────────────────────────────────────────┐
│ 🔴 CRITICAL — SQL Injection Vulnerability │
│ 📍 Line 3 (click to jump) │
│ │
│ User input is directly embedded in the SQL │
│ query, allowing attackers to read, modify or │
│ delete your entire database. │
│ │
│ Fix: db.execute("SELECT * FROM users WHERE │
│ id = %s", (id,)) [Copy Fix] │
└─────────────────────────────────────────────────┘
💬 Ask BugLens about this code...
"Explain the SQL injection on line 3"
Line 3 is also underlined red directly in the editor — hover to see the issue without opening the panel.
✨ Features
🔍 Instant Code Review
Press Ctrl+Shift+R to get a full AI-powered review in seconds — bugs, security issues, performance problems, and style violations.
🎨 Inline Highlights
Problem lines are underlined directly in the editor — red for critical, yellow for warnings, purple for suggestions. Hover any line to see the issue and fix without opening the panel.
💬 Chat with Your Code (New in v0.3.0)
After a review, ask follow-up questions in natural language:
- "Explain the SQL injection on line 3"
- "How do I fix the hardcoded password?"
- "What's the real-world impact of this bug?"
BugLens remembers the context — follow-up questions work naturally.
📊 Quality Score
Every review gives a 0–100 score with a label (Excellent / Good / Needs Work / Critical) and a plain-English summary.
📋 One-Click Fix
Each issue has a Copy Fix button — one click copies the exact fix to your clipboard. No manual selecting.
🔗 Jump to Line
Click 📍 Line 14 in the review panel to jump directly to that line in the editor.
🤖 GitHub PR Bot
Automatically reviews every Pull Request and posts structured comments — zero human involvement needed. Set up in 2 minutes →
📈 Status Bar Score
After every review, the score appears in the VS Code bottom bar: ✅ BugLens: 94/100 (1 issue)
🔧 Refactored Code
When score is below 70, BugLens provides a complete refactored version of your code.
🌐 30+ Languages
Python · JavaScript · TypeScript · Java · Go · Rust · C/C++ · C# · PHP · Ruby · Swift · Dart · Kotlin · SQL · Bash · YAML · and more.
⌨️ How to Use
| Action |
How |
| Review current file |
Ctrl+Shift+R (Windows/Linux) |
| Review current file |
Cmd+Shift+R (Mac) |
| Review selected code |
Select lines → Ctrl+Shift+R |
| Click toolbar button |
🔍 icon in top-right editor bar |
| Right-click menu |
Right-click → BugLens: Review This Code |
| Status bar |
Click 🐛 BugLens at bottom right |
| Chat about code |
Type in chat box after review → press Enter |
🔴 What BugLens Catches
Bugs
- Logic errors and off-by-one mistakes
- Null/undefined handling issues
- Missing error handling
- Edge cases and race conditions
Security Issues
- SQL injection via string concatenation
- Cross-Site Scripting (XSS)
- Hardcoded API keys and passwords
- Insecure deserialization
- Missing input validation
- Broken authentication patterns
- N+1 database queries
- Unnecessary loops and O(n²) operations
- Blocking I/O in async code
- Memory leaks
Style Violations
- Naming convention issues
- Dead and duplicate code
- Missing type hints
- Code duplication
🐙 GitHub PR Bot
BugLens can automatically review every Pull Request on any GitHub repository — no manual pressing needed.
How it works
Developer opens a PR
↓ (automatic — zero human involvement)
GitHub sends event to BugLens server
↓
Server fetches changed files
↓
AI reviews each file
↓
Structured review posted as PR comment
↓
Developer sees review within 30 seconds
❌ BugLens Review: auth/login.py
Score: 20/100 | Issues: 5 | Model: meta-llama/llama-4-scout-17b-16e-instruct
🔀 Mixed changes — 1 new file(s) + 1 modified file(s)
🔴 [CRITICAL] Hardcoded admin password — Line 6
The admin password is hardcoded, which is a significant security risk.
Fix: Use bcrypt to hash passwords and store them securely.
🔴 [CRITICAL] SQL Injection vulnerability — Line 10
The query directly inserts username into SQL string.
Fix: Use parameterized queries or an ORM.
🔴 [CRITICAL] Hardcoded API key and secret — Line 13
Store API key and secret as environment variables.
Fix: Use os.environ.get('API_KEY') and os.environ.get('SECRET')
Reviewed by BugLens
Set up the PR bot on your repo
- Go to your GitHub repo → Settings → Webhooks → Add webhook
- Fill in:
- Payload URL:
https://buglens-api.onrender.com/api/v1/webhook
- Content type:
application/json
- Secret: contact @Vansh940 for the shared secret
- Events: Pull requests only
- Click Add webhook
Every PR in your repo will now get an automatic BugLens review. ✅
Want to self-host? See the Backend Setup →
⚙️ Settings
Open VS Code Settings (Ctrl+,) → search "buglens":
| Setting |
Default |
Description |
buglens.apiUrl |
https://buglens-api.onrender.com |
Backend server URL |
buglens.reviewOnSave |
false |
Auto-review every time you save |
buglens.showInlineHighlights |
true |
Colored underlines on problem lines |
Point to your own backend
If you self-host BugLens, change the API URL:
- Press
Ctrl+, → search "buglens"
- Change apiUrl to your server URL (e.g.
http://localhost:8000)
🛠️ Tech Stack
| Component |
Technology |
| Extension |
TypeScript + VS Code API |
| Backend |
FastAPI + Python 3.12 |
| AI Model |
Groq API — meta-llama/llama-4-scout-17b-16e-instruct |
| Database |
PostgreSQL (review history) |
| Cache |
Redis (Upstash) |
| GitHub Bot |
GitHub Webhooks + REST API |
| Hosting |
Render (free tier) |
🌐 Supported Languages
| Language |
Extensions |
| Python |
.py |
| JavaScript |
.js .jsx |
| TypeScript |
.ts .tsx |
| Java |
.java |
| Go |
.go |
| Rust |
.rs |
| C / C++ |
.c .cpp |
| C# |
.cs |
| PHP |
.php |
| Ruby |
.rb |
| Swift |
.swift |
| Dart |
.dart |
| Kotlin |
.kt |
| Scala |
.scala |
| HTML |
.html |
| CSS / SCSS |
.css .scss .sass |
| SQL |
.sql |
| Bash |
.sh |
| YAML |
.yml .yaml |
| JSON |
.json |
| + more |
.hs .ex .clj .r .lua ... |
❓ FAQ
Q: Is BugLens free?
A: Yes — completely free. No sign-up, no API key, no credit card.
Q: Does my code get stored anywhere?
A: No. Only review metadata (score, issue count, language) is stored. Your actual code is sent to the AI model and immediately discarded.
Q: How accurate are the reviews?
A: Very accurate for common issues (SQL injection, XSS, null pointers, hardcoded secrets). For complex business logic, treat it as a smart first pass — not a replacement for human review.
Q: Can I use my own backend?
A: Yes — see the GitHub repo for self-hosting instructions.
Q: The first review takes 30 seconds — why?
A: The free hosting tier sleeps after inactivity. First request wakes it up. Subsequent reviews are instant.
Q: How do I set up the GitHub PR bot?
A: See the GitHub PR Bot section above.
🔗 Links
Built with ❤️ by Vansh
⭐ Star the repo if BugLens helped you write better code!
