Overview Version History Q & A Rating & Review
VibeSafe — Security Scanner
The official VS Code extension of vibesafe.info — an AI-powered security scanner built for vibe coders and non-technical founders using tools like Lovable, Bolt, Cursor, and Replit.
Scan the file you're working on and get plain-English security results without leaving your editor.
What it catches
🔑 Exposed API keys & secrets — hardcoded Stripe, OpenAI, Supabase keys
💉 SQL injection & XSS — user input reaching queries or the DOM unsanitised
🔓 Broken authentication — client-side-only checks, weak comparisons
🗄️ Supabase RLS issues — the #1 cause of vibe-coded app breaches
💥 Runtime errors — missing awaits, null risks, unhandled rejections
📦 Hallucinated packages — AI-invented imports that don't exist
How to use
Open any .js, .ts, .jsx, .tsx, .py, .java, or .cs file
Press Ctrl+Shift+V (Cmd+Shift+V on Mac) — or right-click → VibeSafe: Scan Current File
Issues appear as inline squiggles plus a results panel with plain-English explanations and fixes
You can also scan just a selection: highlight code → right-click → VibeSafe: Scan Selected Code .
Settings
Setting
Default
Description
vibesafe.scanOnSave
false
Automatically scan the file on save
vibesafe.showInlineWarnings
true
Show squiggles and hovers on flagged lines
Privacy
Your code is scanned over an encrypted connection, never stored, and never used to train AI. Only the scan results come back to your editor.
Links
Built for founders, indie hackers & AI builders. Scan before you ship.