Real-time security guardrails for the Vibe Coding generation.
VibeSecPro is a professional-grade VS Code extension designed for developers who move at light-speed with AI-generated code (Cursor, Claude, ChatGPT). It acts as an active, zero-latency guardrail, detecting security vulnerabilities at creation time, right when you paste or save code.
Vibe coders move fast. We paste large blocks of AI-generated code and ship. But AI often hallucinates security: hardcoded secrets, SQL injections, and dangerous function calls are common. VibeSecPro ensures you don't trade speed for security by catching these risks inside your editor.
Monitors your editor for large insertions (AI blocks). Detections happen in milliseconds—before you even hit save.
A centralized dashboard to monitor your project's security health.
- Global Overview: Real-time stats on Critical, High, and Medium issues.
- Interactive Navigation: Click any issue to jump directly to the vulnerable line.
- Markdown Export: Export filtered reports to feed back into your AI for remediation.
Access everything with one click. Our secondary sidebar provides quick access to the Security Hub and full workspace scans.
Don't just find security debt—vibe your way out of it. Use "Fix with VibeSecPro" to automatically replace insecure patterns with protected alternatives.
Audit your code from the terminal and CI/CD pipelines. Same rules, same engine, same protection.
- Search for VibeSecPro in the Extensions view.
- Click Install.
- Download the latest `vibesecpro-v1.2.2.vsix` from Releases.
- In VS Code, run `Extensions: Install from VSIX...` from the Command Palette (cmd+shift+p).
- Squiggles: Vulnerabilities are highlighted with red/yellow squiggles immediately.
- Quick Fix: Hover over a squiggle and select "Fix with VibeSecPro" (`cmd+.`).
- Sidebar: Click the 🛡️ icon in your Activity Bar to open the Security Hub.
```bash
# Install and link globally
npm install && npm run build
npm link
# Scan your project
vibesec scan .
```

VibeSecPro covers 200+ security patterns across:
- Secrets: OpenAI, AWS, Supabase, Firebase, RSA keys, JWT secrets.
- Injections: SQLi, NoSQLi, XSS, and AI Prompt Injection.
- Dangerous Fn: `eval()`, `child_process.exec()`, `pickle.loads()`.
- Auth & Crypto: Weak hashing (MD5/SHA1), insecure random numbers.
See RULES.md for the full detailed documentation.
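
To illustrate the kind of check described above (a pattern scan triggered by a large pasted block), here is an added example that is not VibeSecPro's code or rule set. The rule ids, regexes, severities, the five-line threshold and the pasted sample are all assumptions made for the illustration.

```javascript
// Illustrative rules only: ids, regexes and severities are assumptions,
// not VibeSecPro's rule set (RULES.md documents that).
const RULES = [
  // Secrets are reported even inside comments: a pasted key is leaked either way.
  { id: "secret-aws-key", severity: "Critical", inComments: true,
    re: /\bAKIA[0-9A-Z]{16}\b/ },
  { id: "dangerous-eval", severity: "High", re: /\beval\s*\(/ },
  { id: "dangerous-exec", severity: "High", re: /\bchild_process\.exec\s*\(/ },
  { id: "dangerous-pickle", severity: "High", re: /\bpickle\.loads\s*\(/ },
  { id: "weak-hash", severity: "Medium",
    re: /createHash\(\s*["'](md5|sha1)["']\s*\)|hashlib\.(md5|sha1)\s*\(/i },
];

// Scan an inserted block. minLines models "large insertions";
// 5 is an assumed threshold, pass 1 to scan every edit.
function scanInsertion(text, minLines = 5) {
  const lines = text.split(/\r?\n/);
  if (lines.length < minLines) return [];
  const findings = [];
  lines.forEach((line, i) => {
    const t = line.trim();
    const isComment = t.startsWith("//") || t.startsWith("#");
    for (const rule of RULES) {
      // Code-pattern rules ignore comment lines to cut false positives.
      if (isComment && !rule.inComments) continue;
      if (rule.re.test(line)) {
        findings.push({ line: i + 1, rule: rule.id, severity: rule.severity });
      }
    }
  });
  return findings;
}

// Constructed sample of a pasted block (the key is AWS's documentation placeholder).
const PASTED = [
  'const child_process = require("child_process");',
  'const crypto = require("crypto");',
  '// key for staging: AKIAIOSFODNN7EXAMPLE',
  'function run(userCmd) {',
  '  // eval(userCmd) was removed',
  '  child_process.exec("ls " + userCmd);',
  '  return crypto.createHash("md5").update(userCmd).digest("hex");',
  '}',
].join("\n");

console.log(scanInsertion(PASTED));
```

Line-by-line regex matching like this misses aliased calls such as `cp.exec(...)`, so treat its output as a first pass rather than proof that a block is clean.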
- JavaScript / Node.js
- TypeScript
- Python
- Lead Developer: devpreshy (@HonoredOnly)
- GitHub: Preshy
Built for the Vibe Coding Era. Stop shipping hallucinations, start shipping secure code.