Guard Your Codebase.
Vypher is an advanced CLI tool for detecting PII and PHI in your source code, built for Finance and Healthcare standards.
Vypher scans directories recursively for Personally Identifiable Information (PII) and Protected Health Information (PHI) — helping developers and security teams identify sensitive data leaks before they become compliance incidents.
It ships with 11 built-in detection patterns covering finance, healthcare, crypto, and general PII, with smart validation to minimize false positives.
- Deep scanning with configurable exclude patterns, max-depth control, and smart default ignores for `node_modules`, `dist`, lockfiles, and more
- Industry-standard patterns for PCI DSS (credit cards, SSN, IBAN) and HIPAA (MRN, ICD-10, DOB)
- Smart validation using the Luhn algorithm and keyword proximity detection to reduce false positives
- Blazing fast parallel scanning auto-scaled to available CPU cores
- Multiple output formats: console, JSON, and SARIF compatible with GitHub Code Scanning and CI/CD pipelines
- Tag-based rule filtering with `--rules finance`, `--rules healthcare`, `--rules crypto`, and more
- Shift left with pre-commit hooks to catch sensitive data before it ever enters your repo
- Run anywhere via an official Docker image with no installation required
- Cross-platform with native binaries for macOS, Linux, and Windows via Homebrew, Scoop, or Docker
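
A sketch of how Luhn validation combined with keyword proximity reduces false positives on card-number matches. This is an added example, not Vypher's own code; the regex, keyword list, 40-character window and sample lines are assumptions constructed for illustration.

```python
import re

# Assumed values for illustration; Vypher's real patterns are not shown on this page.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
KEYWORD_RE = re.compile(r"(?<![a-z])(?:card|credit|visa|mastercard)(?![a-z])")
WINDOW = 40  # characters of context searched on each side of a match

# Constructed sample input (well-known test numbers, not real cards).
SAMPLE = """card_number = "4111 1111 1111 1111"
order_id = 4111111111111112
build_fragment = 4242424242424242
"""


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cards(text: str):
    """Regex match, then Luhn filter, then keyword proximity for confidence."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if not luhn_ok(digits):
                continue        # random 16-digit IDs usually fail here
            ctx = line[max(0, m.start() - WINDOW): m.end() + WINDOW].lower()
            confidence = "high" if KEYWORD_RE.search(ctx) else "low"
            findings.append({"line": lineno, "match": m.group(),
                             "confidence": confidence})
    return findings


if __name__ == "__main__":
    for finding in find_cards(SAMPLE):
        print(finding)
```
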
macOS / Linux

```sh
brew install vypher-io/tap/vypher
```

Windows

```sh
scoop bucket add vypher-io https://github.com/vypher-io/scoop-bucket
scoop install vypher
```

Docker

```sh
docker run --rm -v $(pwd):/scan pseudocoding/vypher scan /scan
```

| Repo | Description |
|---|---|
| cli | The Vypher CLI tool |
| docs | Documentation for Vypher |
| website | The homepage of Vypher.io |
| homebrew-tap | Homebrew formula for macOS and Linux |
| scoop-bucket | Scoop manifest for Windows |