VibeGuard Security Assistant
Amitthecoder

4 installs | (0) | Free
Real-time security assistant for developers that detects insecure code patterns

VibeGuard Security Assistant 🛡️

A real-time security assistant for developers that detects insecure code patterns and provides helpful warnings and best practices.

Features

VibeGuard automatically scans your code in real-time and detects:

🔑 Hardcoded Secrets

  • API keys, tokens, and passwords in source code
  • Suggests using environment variables instead

🔒 Insecure HTTP Usage

  • HTTP URLs in fetch/axios calls
  • Recommends HTTPS for secure communication

🌐 CORS Security Issues

  • CORS policies allowing all origins (*)
  • Warns about potential security risks in production

📁 Environment File Protection

  • Checks if .env files are properly ignored in .gitignore
  • Offers to automatically add .env to .gitignore

🚨 Environment Variable Exposure

  • Detects when environment variables are being logged or exposed
  • Prevents accidental leakage of sensitive information

Supported File Types

  • JavaScript (.js, .jsx)
  • TypeScript (.ts, .tsx)
  • Python (.py)
  • Environment files (.env)

🚀 Installation

From VS Code Marketplace

  1. Open VS Code
  2. Go to Extensions (Ctrl+Shift+X)
  3. Search for "VibeGuard"
  4. Click Install
  5. The extension will automatically activate and start monitoring your files

From Source (Development)

git clone https://github.com/Amitk003/VibeGuard.git
cd VibeGuard
npm install
npm run compile

Then press F5 in VS Code to launch the Extension Development Host.

Commands

  • VibeGuard: Enable - Enable real-time security scanning
  • VibeGuard: Disable - Disable security scanning

How It Works

VibeGuard runs in the background and:

  1. File Watching: Monitors changes to supported file types
  2. Pattern Detection: Uses regex patterns to identify security issues
  3. Real-time Alerts: Shows warning popups when issues are detected
  4. Actionable Suggestions: Provides specific recommendations for fixes

Configuration

Currently, VibeGuard works out of the box with sensible defaults. Future versions will include customizable security rules and severity levels.

Examples

❌ What VibeGuard Catches

// Hardcoded API key
const apiKey = "sk-1234567890abcdef";

// HTTP instead of HTTPS
fetch("http://api.example.com/data");

// CORS allowing all origins
app.use(cors({ origin: "*" }));

// Logging environment variables
console.log(process.env);

✅ Recommended Alternatives

// Use environment variables
const apiKey = process.env.API_KEY;

// Use HTTPS
fetch("https://api.example.com/data");

// Specific CORS origins
app.use(cors({ origin: "https://yourdomain.com" }));

// Log specific values, not entire env
console.log("App started on port:", process.env.PORT);

🤝 Contributing

We welcome contributions! Here's how you can help:

🐛 Reporting Issues

  • Use the GitHub Issues page
  • Include code samples that trigger false positives/negatives
  • Provide your VS Code version and operating system

🔧 Contributing Code

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Make your changes
  4. Add tests if applicable
  5. Commit your changes (git commit -m 'Add amazing feature')
  6. Push to the branch (git push origin feature/amazing-feature)
  7. Open a Pull Request

See CONTRIBUTING.md for detailed guidelines.

Development Setup

  1. Clone the repository
  2. Run npm install to install dependencies
  3. Run npm run compile to build the extension
  4. Press F5 to launch a new VS Code window with the extension loaded

Adding New Security Patterns

  1. Edit src/security-detector.ts
  2. Add new regex patterns to the patterns object
  3. Update the detection logic in detectIssues()
  4. Add appropriate warning messages
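
A sketch of the kind of patterns object and detectIssues() function these steps refer to, run over this page's own "caught" and "recommended" snippets. It is an added example, not VibeGuard's source: the rule ids, regexes, messages and the Rule/Finding types are assumptions.

```typescript
// Added example: hypothetical rules, not the extension's actual security-detector.ts.
interface Rule { id: string; pattern: RegExp; message: string; }
interface Finding { rule: string; line: number; message: string; }

const patterns: Rule[] = [
  { id: "hardcoded-secret",
    // credential-like identifier assigned a quoted literal of 8+ characters
    pattern: /\b\w*(?:api[_-]?key|secret|token|password)\w*\s*[:=]\s*["'`][^"'`\s]{8,}["'`]/i,
    message: "Hardcoded secret: read it from an environment variable." },
  { id: "insecure-http",
    // http:// URL literal as first argument to fetch(), axios() or axios.get() etc.
    pattern: /\b(?:fetch|axios(?:\.\w+)?)\s*\(\s*["'`]http:\/\//i,
    message: "Plain HTTP request: use HTTPS." },
  { id: "cors-wildcard",
    pattern: /\borigin\s*:\s*["'`]\*["'`]/,
    message: "CORS allows all origins: list the origins you trust." },
  { id: "env-dump",
    // whole process.env passed to console.*; process.env.NAME is not flagged
    pattern: /\bconsole\.\w+\s*\([^)]*\bprocess\.env\b(?![.\[])/,
    message: "Entire process.env is logged: log specific values only." },
];

// Line-by-line scan; one finding per (line, rule) hit, with 1-based line numbers.
function detectIssues(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const rule of patterns) {
      if (rule.pattern.test(text)) {
        findings.push({ rule: rule.id, line: i + 1, message: rule.message });
      }
    }
  });
  return findings;
}

// The page's "caught" and "recommended" snippets, embedded as sample input.
const flagged = [
  'const apiKey = "sk-1234567890abcdef";',
  'fetch("http://api.example.com/data");',
  'app.use(cors({ origin: "*" }));',
  'console.log(process.env);',
].join("\n");
const clean = [
  'const apiKey = process.env.API_KEY;',
  'fetch("https://api.example.com/data");',
  'app.use(cors({ origin: "https://yourdomain.com" }));',
  'console.log("App started on port:", process.env.PORT);',
].join("\n");

console.log(detectIssues(flagged), detectIssues(clean));
```

Line-based regexes like these miss values built by concatenation or spread across several lines, so a clean result only means the obvious patterns are absent.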

File Structure

src/
├── extension.ts          # Main extension logic
├── file-watcher.ts       # File monitoring and change detection
└── security-detector.ts  # Security pattern detection and warnings

Testing

  • Test your changes by opening various file types
  • Verify that security patterns are detected correctly
  • Ensure warning messages are helpful and actionable

Testing

Run the pattern detection tests:

node test-patterns.js

This will verify that all security patterns are working correctly.

Debugging

  1. Open the project in VS Code
  2. Press F5 to launch the Extension Development Host
  3. Open the test files (test-security.js, .env) to trigger detections
  4. Check the Debug Console for any error messages
  5. Use Developer: Reload Window to restart the extension

Roadmap

  • [ ] Configurable security rules
  • [ ] Custom pattern definitions
  • [ ] Integration with popular linters
  • [ ] Diagnostic highlighting in editor
  • [ ] Severity level customization
  • [ ] Whitelist/ignore functionality
  • [ ] Security report generation

License

MIT License - see LICENSE file for details.

Support

If you encounter issues or have suggestions:

  1. Check existing issues on GitHub
  2. Create a new issue with detailed information
  3. Include code samples that trigger false positives/negatives

Stay secure, code with confidence! 🛡️
