Supported Languages

Overview

KafkaCode supports 7 major programming languages commonly used in modern application development. The scanner automatically detects file types and applies appropriate analysis techniques.

Python

.py filesFull support for Python 2 and 3

JavaScript

.js filesES5, ES6+, Node.js, Browser JS

TypeScript

.ts filesAll TypeScript versions

Java

.java filesJava 8 through Java 21

Go

.go filesAll Go versions

Ruby

.rb filesRuby 2.x and 3.x

PHP

.php filesPHP 7.x and 8.x

Language-Specific Features

Python

Detection
Best Practices
Frameworks

What KafkaCode detects in Python:

# ❌ Secrets detection
AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
db_password = "mypassword123"

# ❌ PII detection
user_email = "john.doe@company.com"
phone = "+1-555-123-4567"

# ❌ Sensitive assignments
SECRET_KEY = "django-insecure-key"
API_KEY = "sk_live_abc123..."

Recommended patterns:

# ✅ Use environment variables
import os
AWS_ACCESS_KEY = os.getenv('AWS_ACCESS_KEY')
SECRET_KEY = os.environ.get('SECRET_KEY')

# ✅ Use configuration files
from django.conf import settings
API_KEY = settings.API_KEY

# ✅ Use secrets management
from aws_secretsmanager import get_secret
db_password = get_secret('db_password')

JavaScript / TypeScript

Detection
Best Practices
Frameworks

What KafkaCode detects in JS/TS:

// ❌ Hardcoded secrets
const apiKey = 'sk_live_abc123...';
const dbUrl = 'mongodb://user:pass@localhost';

// ❌ PII in code
const adminEmail = 'admin@company.com';
const userPhone = '+1-555-0123';

// ❌ Exposed tokens
const githubToken = 'ghp_abc123...';

Recommended patterns:

// ✅ Environment variables
const apiKey = process.env.API_KEY;
const dbUrl = process.env.DATABASE_URL;

// ✅ Config files
import config from './config';
const apiKey = config.get('apiKey');

// ✅ Secrets manager
const { getSecret } = require('./secrets');
const token = await getSecret('github_token');

Java

Detection
Best Practices
Frameworks

What KafkaCode detects in Java:

// ❌ Hardcoded credentials
String apiKey = "AKIAIOSFODNN7EXAMPLE";
String password = "mypassword123";

// ❌ Connection strings
String dbUrl = "jdbc:postgresql://localhost/db?user=admin&password=pass";

// ❌ PII in constants
private static final String ADMIN_EMAIL = "admin@company.com";

Recommended patterns:

// ✅ Environment variables
String apiKey = System.getenv("API_KEY");

// ✅ Properties files
Properties props = new Properties();
props.load(new FileInputStream("config.properties"));
String apiKey = props.getProperty("api.key");

// ✅ Spring configuration
@Value("${api.key}")
private String apiKey;

Go

Detection
Best Practices
Frameworks

What KafkaCode detects in Go:

// ❌ Hardcoded secrets
const apiKey = "sk_live_abc123..."
var dbPassword = "mypassword"

// ❌ Connection strings
dsn := "user:password@tcp(localhost:3306)/db"

// ❌ API tokens
token := "ghp_abc123..."

Recommended patterns:

// ✅ Environment variables
import "os"
apiKey := os.Getenv("API_KEY")

// ✅ Config packages
import "github.com/spf13/viper"
viper.SetConfigFile(".env")
apiKey := viper.GetString("API_KEY")

// ✅ Secrets from vault
secret, err := vault.GetSecret("api-key")

Ruby

Detection
Best Practices
Frameworks

What KafkaCode detects in Ruby:

# ❌ Hardcoded credentials
api_key = "sk_live_abc123..."
db_password = "mypassword"

# ❌ PII in code
admin_email = "admin@company.com"

# ❌ Secret tokens
secret_token = "abc123..."

Recommended patterns:

# ✅ Environment variables
api_key = ENV['API_KEY']
db_password = ENV.fetch('DB_PASSWORD')

# ✅ Rails credentials
api_key = Rails.application.credentials.api_key

# ✅ Configuration gems
require 'dotenv'
Dotenv.load
api_key = ENV['API_KEY']

PHP

Detection
Best Practices
Frameworks

What KafkaCode detects in PHP:

// ❌ Hardcoded secrets
$apiKey = "sk_live_abc123...";
$dbPassword = "mypassword";

// ❌ Connection strings
$dsn = "mysql:host=localhost;dbname=db;user=admin;password=pass";

// ❌ PII exposure
define('ADMIN_EMAIL', 'admin@company.com');

Recommended patterns:

// ✅ Environment variables
$apiKey = getenv('API_KEY');
$apiKey = $_ENV['API_KEY'];

// ✅ Config files
$config = require 'config.php';
$apiKey = $config['api_key'];

// ✅ Laravel configuration
$apiKey = config('services.stripe.key');

File Type Recognition

KafkaCode automatically recognizes files by extension:

Extension	Language	Supported
`.py`	Python	✅ Yes
`.js`	JavaScript	✅ Yes
`.ts`	TypeScript	✅ Yes
`.jsx`	JavaScript (React)	✅ Yes
`.tsx`	TypeScript (React)	✅ Yes
`.java`	Java	✅ Yes
`.go`	Go	✅ Yes
`.rb`	Ruby	✅ Yes
`.php`	PHP	✅ Yes
`.c`	C	❌ Not yet
`.cpp`	C++	❌ Not yet
`.cs`	C#	❌ Not yet
`.swift`	Swift	❌ Not yet
`.kt`	Kotlin	❌ Not yet
`.rs`	Rust	❌ Not yet

More languages are coming soon! Check our roadmap for upcoming support.

Ignored Files & Directories

KafkaCode automatically skips:

Built-in Ignores

Version Control

.git/
.svn/
.hg/

Dependencies

node_modules/
vendor/
bower_components/

Python

venv/
.venv/
__pycache__/
.pytest_cache/
*.pyc

Build Outputs

build/
dist/
target/
out/
.next/

Gitignore Support

KafkaCode automatically respects your .gitignore:

# .gitignore
*.env
secrets/
config/local.js
*.key
*.pem

All files matching these patterns are automatically excluded from scanning.

Multi-Language Projects

KafkaCode handles polyglot repositories seamlessly:

project/
├── backend/          # Python + Go
│   ├── api.py
│   └── server.go
├── frontend/         # TypeScript + React
│   ├── App.tsx
│   └── utils.ts
├── mobile/          # Java (Android)
│   └── MainActivity.java
└── scripts/         # Ruby + PHP
    ├── deploy.rb
    └── migrate.php

All files are scanned with appropriate language-specific rules.

Language-Specific Patterns

Each language has custom detection patterns:

Python-specific

Django SECRET_KEY detection
Flask app.secret_key patterns
SQLAlchemy connection strings
Environment variable misuse

JavaScript-specific

process.env misuse detection
JWT secret patterns
API key in fetch/axios calls
LocalStorage/Cookie PII

Java-specific

JDBC connection string patterns
Spring @Value misuse
Properties file secrets
Hibernate credentials

Go-specific

Connection DSN patterns
Const secret detection
Environment variable handling
Config struct analysis

Coming Soon

C / C++

Support planned for Q2 2025

C# / .NET

Support planned for Q2 2025

Rust

Support planned for Q3 2025

Kotlin

Support planned for Q3 2025

Swift

Support planned for Q4 2025

Scala

Support planned for Q4 2025

Want a specific language? Request it on GitHub or contribute a PR!

Next Steps

Detection Methods

Learn what KafkaCode detects

Basic Scanning

Start scanning your code

Custom Patterns

Add language-specific rules

Examples

See real-world examples

Get Started

Core Concepts

Usage Guide

Advanced

​Overview