I built a VS Code extension that catches secrets before you commit them

via Dev.to, by Isha Rawool

I found a hardcoded AWS key in an old project sitting there for months. Classic mistake that's happened to every developer. So I built something to stop it happening again. SecretSentinel detects hardcoded API keys, passwords and credentials in real-time as you type in VS Code - before you save, before you commit, before any damage is done.

What makes it different

GitHub's secret scanning catches leaks after you push. By then the secret is in your git history and potentially already scraped by bots. SecretSentinel stops it at the source.

The technical part I'm proud of

Pure regex pattern matching only catches known secret formats. So I implemented Shannon entropy scoring - if a string is random enough to statistically look like a secret, it gets flagged even without a matching pattern.

What it does

- Real-time detection across 60+ secret patterns
- Entropy-based detection for unknown secrets
- Git history scanner - finds secrets in past commits
- Severity levels - Critical, High, Medium, Low
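The pattern-plus-entropy approach described above, sketched as an added example; this is not SecretSentinel's code. The function names, the single AWS access key ID pattern, the 20-character minimum and the 4.0 bits-per-character threshold are all assumptions chosen for illustration, and the sample lines are constructed.

```javascript
// Added example: known-format matching backed by Shannon entropy scoring.
// Not SecretSentinel's code; names and thresholds below are assumptions.
const KNOWN_PATTERNS = [
  { rule: "AWS access key ID", re: /\bAKIA[0-9A-Z]{16}\b/g },
];
const CANDIDATE = /[A-Za-z0-9+\/=_-]{20,}/g; // long token-like runs (assumed minimum: 20)
const ENTROPY_THRESHOLD = 4.0;               // bits per character (assumed)

// Shannon entropy H = -sum(p_i * log2(p_i)) over character frequencies.
function shannonEntropy(s) {
  const chars = [...s];
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / chars.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Scan one line: known formats first, then the entropy fallback.
function scanLine(line) {
  const findings = [];
  const seen = new Set();
  for (const { rule, re } of KNOWN_PATTERNS) {
    for (const m of line.matchAll(re)) {
      findings.push({ rule, match: m[0] });
      seen.add(m[0]);
    }
  }
  for (const m of line.matchAll(CANDIDATE)) {
    if (seen.has(m[0])) continue; // already reported by a pattern
    const entropy = shannonEntropy(m[0]);
    if (entropy >= ENTROPY_THRESHOLD) {
      findings.push({ rule: "high-entropy string", match: m[0], entropy });
    }
  }
  return findings;
}

// Constructed sample lines (the AWS value is AWS's documented example key ID).
const SAMPLES = [
  'const key = "AKIAIOSFODNN7EXAMPLE";',
  'token = "q7Zp2Xv9LmR4tB8wKc1Ny6Hd3Fs5Gj0U"',
  'note = "please_replace_this_placeholder"',
];
for (const line of SAMPLES) console.log(line, "=>", scanLine(line));
```

The example key ID scores below the threshold on entropy alone and is caught only by its pattern, while the unprefixed random token is caught only by entropy, which is why the two checks are run together.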
