piilex - PII Scanner for VS Code
Detect personally identifiable information (PII) in your source code in real-time. Traces data flows from user input to logs, databases, and third-party APIs — and maps findings to GDPR, CCPA, APPI, HIPAA, and PCI-DSS regulatory articles.

Features
Real-time PII detection
piilex scans your code as you type and highlights PII with inline diagnostics:
- Critical (red squiggly) — passwords, SSN, credit cards, national IDs
- High (yellow squiggly) — email, phone, full name, address
- Medium (blue) — IP address, date of birth, device ID
- Low (gray hint) — user agent, cookies
56 PII types across 6 languages
Detects email, phone, SSN, credit card, passport, My Number (Japan), IBAN (EU), BSN (Netherlands), NHS (UK), biometric data, health records, API keys, passwords, and more — in TypeScript, JavaScript, Python, Go, Java, and C#.
Data flow tracing
Tracks PII from source to sink and alerts when sensitive data reaches dangerous destinations:

- customer.email passed to logger.info() — PII leaked to logs
- payment.creditCardNumber passed to external API — PII sent to third party
- customer.email passed to analytics.track() — PII shared without consent
Quick fixes
Click the lightbulb (or press Ctrl+.) on a diagnostic to see fix suggestions:
- Mask before logging — maskEmail(user.email)
- Encrypt before storage — encrypt(user.ssn)
- Redact from response — replace with "[REDACTED]"
Regulatory mapping (Pro)
With a Pro license, diagnostics include specific regulatory article references:
- [Art.5(1f)] — GDPR: Integrity and Confidentiality
- [Art.13] — GDPR: Right to be informed
- [§1798.100] — CCPA: Right to know
- [Art.23] — APPI: Restriction on Third-Party Provision
- [164.312(b)] — HIPAA: Audit controls
Five frameworks supported: GDPR, CCPA, APPI, HIPAA, PCI-DSS.
Requirements
The piilex CLI must be installed and available in your PATH.
Homebrew (macOS / Linux):
brew install piilex/tap/piilex
npm:
npm install -g piilex
Manual: Download from GitHub Releases.
Verify installation:
piilex --version
Extension Settings
| Setting | Default | Description |
|---|---|---|
| piilex.path | "piilex" | Path to the piilex binary |
| piilex.enable | true | Enable or disable scanning |
| piilex.severity | "low" | Minimum severity to display (low, medium, high, critical) |
Commands
Open the Command Palette (Ctrl+Shift+P) and type piilex:
| Command | Description |
|---|---|
| piilex: Show Status | Show whether the scanner is active |
| piilex: Scan Workspace | Re-scan all open documents |
| piilex: Enable | Enable the PII scanner |
| piilex: Disable | Disable the PII scanner |
How it works
The extension launches piilex lsp as a Language Server Protocol server. When you open or edit a file, piilex parses it using tree-sitter AST analysis, matches identifiers against a PII dictionary, traces data flows, and publishes diagnostics.
The LSP server runs locally — no code is sent to any external service.
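An added example, not piilex's own code, of the approach described above: parse to an AST, match identifiers against a PII dictionary, and report values that reach a sink. It uses Python's ast module in place of tree-sitter; the dictionary entries, sink prefixes and suffix-matching rule are assumptions, and assignments are followed in source order only.

```python
import ast

# Assumed dictionary: normalized identifier suffix -> severity tier from the Features list.
PII_DICT = {"password": "critical", "ssn": "critical", "creditcardnumber": "critical",
            "email": "high", "phone": "high", "ipaddress": "medium", "useragent": "low"}
SINKS = {"logger.": "PII leaked to logs", "analytics.track": "PII shared without consent"}
SANITIZERS = {"maskEmail", "encrypt"}  # quick-fix helpers named on this page
RANK = ["low", "medium", "high", "critical"]

def dotted(node):  # 'a.b.c' for a Name/Attribute chain, None for anything else
    parts = []
    while isinstance(node, ast.Attribute):
        parts, node = [node.attr, *parts], node.value
    return ".".join([node.id, *parts]) if isinstance(node, ast.Name) else None

def classify(name):  # dictionary match on the last path segment, ignoring case and "_"
    leaf = name.split(".")[-1].lower().replace("_", "")
    return max((s for k, s in PII_DICT.items() if leaf.endswith(k)), key=RANK.index, default=None)

def severity_of(expr, tainted):  # highest PII severity an expression carries
    if isinstance(expr, ast.Call) and dotted(expr.func) in SANITIZERS:
        return None  # sanitizer output is treated as clean
    if name := dotted(expr):
        return tainted.get(name) or tainted.get(name.split(".")[0]) or classify(name)
    kids = (severity_of(c, tainted) for c in ast.iter_child_nodes(expr))
    return max(filter(None, kids), key=RANK.index, default=None)

def scan(source):  # returns (line, severity, message) for each PII value reaching a sink
    tainted, findings = {}, []  # variable name -> severity inherited from its source
    nodes = [n for n in ast.walk(ast.parse(source)) if isinstance(n, (ast.Assign, ast.Call))]
    for node in sorted(nodes, key=lambda n: (n.lineno, n.col_offset)):
        if isinstance(node, ast.Assign):
            sev = severity_of(node.value, tainted)
            tainted.update({dotted(t): sev for t in node.targets if dotted(t)})
            continue
        message = next((m for p, m in SINKS.items() if (dotted(node.func) or "").startswith(p)), None)
        args = [*node.args, *(k.value for k in node.keywords)]
        sevs = [s for a in args if (s := severity_of(a, tainted))]
        if message and sevs:
            findings.append((node.lineno, max(sevs, key=RANK.index), message))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = '''addr = customer.email
logger.info(f"signup from {addr}")
logger.info(maskEmail(customer.email))
analytics.track("purchase", card=payment.credit_card_number)
logger.debug(order.id)
'''
```

Calling scan(SAMPLE) reports lines 2 and 4; the masked call on line 3 and the non-PII identifier on line 5 produce nothing.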
Troubleshooting
| Symptom | Solution |
|---|---|
| "Failed to start LSP server" | Ensure piilex is installed and in PATH. Run piilex --version in your terminal. |
| No diagnostics appearing | Check that piilex.enable is true and piilex.severity is set to low. |
| Too many false positives | Set piilex.severity to medium or high to filter low-confidence findings. |
| Slow on large projects | Add exclusion patterns to .piilex.yml (e.g., node_modules/**, dist/**). |
License
Apache-2.0