DEV Community

Live Vulnerability spotting in VSCode

After my Codeland talk a bunch of people asked me if I know any good tool for spotting vulnerabilities in packages you depends on.

I want to highlight one tool over here. It is an open-source, community-driven extension for VSCode called Vuln Cost.

Vuln Cost in action

Looks cool right?!

What does it do?

This extension looks at the packages you are using while you are coding. It checks if these packages have vulnerabilities and displays this inline.

To have all the information available we are using the information from Snyk. To connect to that API you need to have a Snyk account. We made it possible that a FREE account is already enough to get all the information.

It currently works for:

  • Node packages in JavaScript en TypeScript files
  • popular CDN's in HTML files
  • Node packages in your package.json


As mentioned, this extension is a community-driven initiative. Feel free to open an issue, or even better create a pull request! We love your contributions to make the world a little bit safer!


VSCode marketplace
Github repo
Information about Vuln Cost

Top comments (0)