After my Codeland talk a bunch of people asked me if I know any good tool for spotting vulnerabilities in packages you depends on.
I want to highlight one tool over here. It is an open-source, community-driven extension for VSCode called Vuln Cost.
Looks cool right?!
This extension looks at the packages you are using while you are coding. It checks if these packages have vulnerabilities and displays this inline.
To have all the information available we are using the information from Snyk. To connect to that API you need to have a Snyk account. We made it possible that a FREE account is already enough to get all the information.
It currently works for:
- popular CDN's in HTML files
- Node packages in your package.json
As mentioned, this extension is a community-driven initiative. Feel free to open an issue, or even better create a pull request! We love your contributions to make the world a little bit safer!