This extension helps you identify potential sensitive information like passwords, API keys, and tokens in your code files when opening or editing them. It provides warnings when potentially sensitive information is detected.
Key features:
Automatically scans files when they are opened or modified
Scans entire workspace when VS Code is opened
Detects common patterns for passwords, API keys, tokens, and secrets
Provides warnings in the editor and notification messages
Supports multiple file types including JSON, JavaScript, TypeScript, YAML, and more
Note: This extension is designed to help identify potential security issues but should not be relied upon as the sole method of securing your code.
Requirements
Visual Studio Code version 1.105.0 or higher
How It Works
The extension listens for file open and change events in your workspace. When a file is opened or modified, it checks the content for patterns that might indicate sensitive information such as:
Passwords (password, pass, pwd)
Usernames (username, user)
API keys and secrets (api_key, secret, token)
Authentication tokens
Long alphanumeric strings that might be keys
When potential sensitive information is detected, you'll see:
Warning messages in the Problems panel
Highlighting in the editor
Notification popups
Additionally, when VS Code is opened, the extension will scan all files in the workspace for sensitive information.
Extension Settings
This extension does not currently contribute any VS Code settings.
Known Issues
May produce false positives for placeholder values or comments
Limited to specific file types for performance reasons
Release Notes
0.0.1
Initial release of security-checker with basic sensitive information detection.
