
Live Vulnerability spotting in VSCode

After my Codeland talk, a bunch of people asked me if I know any good tools for spotting vulnerabilities in the packages you depend on.

I want to highlight one tool over here. It is an open-source, community-driven extension for VSCode called Vuln Cost.

Vuln Cost in action

Looks cool right?!

What does it do?

This extension looks at the packages you are using while you are coding. It checks if these packages have vulnerabilities and displays this inline.

The vulnerability information comes from Snyk. To connect to that API you need a Snyk account. We made sure that a FREE account is enough to get all the information.

It currently works for:

  • Node packages in JavaScript and TypeScript files
  • Popular CDNs in HTML files
  • Node packages in your package.json
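To make the three sources above concrete, here is an added sketch (not Vuln Cost's own code) that pulls package references out of source text, HTML and package.json and checks them against an advisory list. The function names, the unpkg/jsDelivr URL shapes and the `example-lib` advisory are assumptions constructed for the example; the real extension gets its data from Snyk.

```javascript
// Added illustration of the idea in the post; not Vuln Cost's source code.

// "lodash/fp" -> "lodash", "@scope/pkg/sub" -> "@scope/pkg";
// null for relative paths, absolute paths and node: built-ins.
function packageName(specifier) {
  if (/^(\.|\/|node:)/.test(specifier)) return null;
  const parts = specifier.split('/');
  return specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Package names imported or required in JavaScript/TypeScript source text.
function fromSource(code) {
  const re = /\b(?:from\s+|import\s+|(?:require|import)\s*\(\s*)['"]([^'"]+)['"]/g;
  const names = [...code.matchAll(re)].map((m) => packageName(m[1]));
  return [...new Set(names.filter(Boolean))];
}

// name/version pairs from unpkg and jsDelivr URLs (assumed CDN URL shapes).
function fromHtml(html) {
  const re = /https?:\/\/(?:unpkg\.com|cdn\.jsdelivr\.net\/npm)\/((?:@[^\/@"']+\/)?[^\/@"']+)@(\d+\.\d+\.\d+)/g;
  return [...html.matchAll(re)].map((m) => ({ name: m[1], version: m[2] }));
}

// Exact pins from package.json. Ranges such as "^1.2.0" are skipped because
// the installed version is only known from a lockfile.
function fromManifest(json) {
  const { dependencies = {}, devDependencies = {} } = JSON.parse(json);
  return Object.entries({ ...devDependencies, ...dependencies })
    .filter(([, v]) => /^\d+\.\d+\.\d+$/.test(v))
    .map(([name, version]) => ({ name, version }));
}

// True when version a is lower than version b (plain x.y.z only).
function lessThan(a, b) {
  const [x, y] = [a, b].map((v) => v.split('.').map(Number));
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return false;
}

// Constructed advisory (placeholder id) standing in for the real lookup.
const ADVISORIES = [{ name: 'example-lib', fixedIn: '2.1.0', id: 'EXAMPLE-0001' }];

// References that match an advisory and are below its fixed version.
function findVulnerable(refs, advisories = ADVISORIES) {
  return refs.flatMap((r) => advisories
    .filter((a) => a.name === r.name && lessThan(r.version, a.fixedIn))
    .map((a) => ({ ...r, id: a.id })));
}
```

Names found by `fromSource` carry no version, so an editor integration would pair them with the versions from the manifest or lockfile before calling `findVulnerable`.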

Community-driven

As mentioned, this extension is a community-driven initiative. Feel free to open an issue, or even better create a pull request! We love your contributions to make the world a little bit safer!

Links

VSCode marketplace
GitHub repo
Information about Vuln Cost
