Documentation Index Fetch the complete documentation index at: https://docs.kafkalabs.com/llms.txt
Use this file to discover all available pages before exploring further.
Overview KafkaCode supports 7 major programming languages commonly used in modern application development. The scanner automatically detects file types and applies appropriate analysis techniques.
Supported Languages
Python .py filesFull support for Python 2 and 3
JavaScript .js filesES5, ES6+, Node.js, Browser JS
TypeScript .ts filesAll TypeScript versions
Java .java filesJava 8 through Java 21
Go .go filesAll Go versions
Ruby .rb filesRuby 2.x and 3.x
PHP .php filesPHP 7.x and 8.x
Language-Specific Features Python Detection
Best Practices
Frameworks
What KafkaCode detects in Python: # ❌ Secrets detection AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE" db_password = "mypassword123" # ❌ PII detection user_email = "john.doe@company.com" phone = "+1-555-123-4567" # ❌ Sensitive assignments SECRET_KEY = "django-insecure-key" API_KEY = "sk_live_abc123..."
Recommended patterns: # ✅ Use environment variables import os AWS_ACCESS_KEY = os.getenv( 'AWS_ACCESS_KEY' ) SECRET_KEY = os.environ.get( 'SECRET_KEY' ) # ✅ Use configuration files from django.conf import settings API_KEY = settings. API_KEY # ✅ Use secrets management from aws_secretsmanager import get_secret db_password = get_secret( 'db_password' )
Supported Python frameworks:
Django
Flask
FastAPI
Pyramid
Bottle
JavaScript / TypeScript Detection
Best Practices
Frameworks
What KafkaCode detects in JS/TS: // ❌ Hardcoded secrets const apiKey = 'sk_live_abc123...' ; const dbUrl = 'mongodb://user:pass@localhost' ; // ❌ PII in code const adminEmail = 'admin@company.com' ; const userPhone = '+1-555-0123' ; // ❌ Exposed tokens const githubToken = 'ghp_abc123...' ;
Recommended patterns: // ✅ Environment variables const apiKey = process . env . API_KEY ; const dbUrl = process . env . DATABASE_URL ; // ✅ Config files import config from './config' ; const apiKey = config . get ( 'apiKey' ); // ✅ Secrets manager const { getSecret } = require ( './secrets' ); const token = await getSecret ( 'github_token' );
Supported JS/TS frameworks:
Node.js
React / Next.js
Vue.js / Nuxt.js
Angular
Express / Fastify
NestJS
Java Detection
Best Practices
Frameworks
What KafkaCode detects in Java: // ❌ Hardcoded credentials String apiKey = "AKIAIOSFODNN7EXAMPLE" ; String password = "mypassword123" ; // ❌ Connection strings String dbUrl = "jdbc:postgresql://localhost/db?user=admin&password=pass" ; // ❌ PII in constants private static final String ADMIN_EMAIL = "admin@company.com" ;
Recommended patterns: // ✅ Environment variables String apiKey = System . getenv ( "API_KEY" ); // ✅ Properties files Properties props = new Properties (); props . load ( new FileInputStream ( "config.properties" )); String apiKey = props . getProperty ( "api.key" ); // ✅ Spring configuration @ Value ( "${api.key}" ) private String apiKey ;
Supported Java frameworks:
Spring Boot
Spring Framework
Jakarta EE
Micronaut
Quarkus
Detection
Best Practices
Frameworks
What KafkaCode detects in Go: // ❌ Hardcoded secrets const apiKey = "sk_live_abc123..." var dbPassword = "mypassword" // ❌ Connection strings dsn := "user:password@tcp(localhost:3306)/db" // ❌ API tokens token := "ghp_abc123..."
Recommended patterns: // ✅ Environment variables import " os " apiKey := os . Getenv ( "API_KEY" ) // ✅ Config packages import " github.com/spf13/viper " viper . SetConfigFile ( ".env" ) apiKey := viper . GetString ( "API_KEY" ) // ✅ Secrets from vault secret , err := vault . GetSecret ( "api-key" )
Supported Go frameworks:
Gin
Echo
Fiber
Chi
Gorilla
Ruby Detection
Best Practices
Frameworks
What KafkaCode detects in Ruby: # ❌ Hardcoded credentials api_key = "sk_live_abc123..." db_password = "mypassword" # ❌ PII in code admin_email = "admin@company.com" # ❌ Secret tokens secret_token = "abc123..."
Recommended patterns: # ✅ Environment variables api_key = ENV [ 'API_KEY' ] db_password = ENV . fetch ( 'DB_PASSWORD' ) # ✅ Rails credentials api_key = Rails . application . credentials . api_key # ✅ Configuration gems require 'dotenv' Dotenv . load api_key = ENV [ 'API_KEY' ]
Supported Ruby frameworks:
Ruby on Rails
Sinatra
Hanami
Grape
Padrino
PHP Detection
Best Practices
Frameworks
What KafkaCode detects in PHP: // ❌ Hardcoded secrets $apiKey = "sk_live_abc123..." ; $dbPassword = "mypassword" ; // ❌ Connection strings $dsn = "mysql:host=localhost;dbname=db;user=admin;password=pass" ; // ❌ PII exposure define ( 'ADMIN_EMAIL' , 'admin@company.com' );
Recommended patterns: // ✅ Environment variables $apiKey = getenv ( 'API_KEY' ); $apiKey = $_ENV [ 'API_KEY' ]; // ✅ Config files $config = require 'config.php' ; $apiKey = $config [ 'api_key' ]; // ✅ Laravel configuration $apiKey = config ( 'services.stripe.key' );
Supported PHP frameworks:
Laravel
Symfony
CodeIgniter
Yii
CakePHP
File Type Recognition KafkaCode automatically recognizes files by extension:
Extension Language Supported .pyPython ✅ Yes .jsJavaScript ✅ Yes .tsTypeScript ✅ Yes .jsxJavaScript (React) ✅ Yes .tsxTypeScript (React) ✅ Yes .javaJava ✅ Yes .goGo ✅ Yes .rbRuby ✅ Yes .phpPHP ✅ Yes .cC ❌ Not yet .cppC++ ❌ Not yet .csC# ❌ Not yet .swiftSwift ❌ Not yet .ktKotlin ❌ Not yet .rsRust ❌ Not yet
More languages are coming soon! Check our roadmap for upcoming support. Ignored Files & Directories KafkaCode automatically skips:
Built-in Ignores
Dependencies
node_modules/vendor/bower_components/
Python
venv/.venv/__pycache__/.pytest_cache/*.pyc
Build Outputs
build/dist/target/out/.next/ Gitignore Support KafkaCode automatically respects your .gitignore:
# .gitignore *.env secrets/ config/local.js *.key *.pem
All files matching these patterns are automatically excluded from scanning.
Multi-Language Projects KafkaCode handles polyglot repositories seamlessly:
project/ ├── backend/ # Python + Go │ ├── api.py │ └── server.go ├── frontend/ # TypeScript + React │ ├── App.tsx │ └── utils.ts ├── mobile/ # Java (Android) │ └── MainActivity.java └── scripts/ # Ruby + PHP ├── deploy.rb └── migrate.php
All files are scanned with appropriate language-specific rules.
Language-Specific Patterns Each language has custom detection patterns:
Django SECRET_KEY detection
Flask app.secret_key patterns
SQLAlchemy connection strings
Environment variable misuse
process.env misuse detectionJWT secret patterns
API key in fetch/axios calls
LocalStorage/Cookie PII
JDBC connection string patterns
Spring @Value misuse
Properties file secrets
Hibernate credentials
Connection DSN patterns
Const secret detection
Environment variable handling
Config struct analysis
Coming Soon
C / C++ Support planned for Q2 2025
C# / .NET Support planned for Q2 2025
Rust Support planned for Q3 2025
Kotlin Support planned for Q3 2025
Swift Support planned for Q4 2025
Scala Support planned for Q4 2025
Next Steps
Detection Methods Learn what KafkaCode detects
Basic Scanning Start scanning your code
Custom Patterns Add language-specific rules
Examples See real-world examples
