{"id":13672806,"url":"https://github.com/microsoft/vscode-js-debug","last_synced_at":"2026-02-27T00:06:48.870Z","repository":{"id":37497861,"uuid":"198896556","full_name":"microsoft/vscode-js-debug","owner":"microsoft","description":"A DAP-compatible JavaScript debugger. Used in VS Code, VS, + more","archived":false,"fork":false,"pushed_at":"2026-02-19T18:40:11.000Z","size":23280,"stargazers_count":1918,"open_issues_count":107,"forks_count":344,"subscribers_count":44,"default_branch":"main","last_synced_at":"2026-02-21T22:45:53.082Z","etag":null,"topics":["dap","debug","hacktoberfest","vscode","vscode-extension"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/microsoft.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-07-25T20:23:16.000Z","updated_at":"2026-02-19T18:40:14.000Z","dependencies_parsed_at":"2024-05-02T18:42:26.606Z","dependency_job_id":"70ab3e5f-e11b-49e4-8e18-f52593992ac9","html_url":"https://github.com/microsoft/vscode-js-debug","commit_stats":{"total_commits":2293,"total_committers":87,"mean_commits":26.35632183908046,"dds":0.3772350632359355,"last_synced_commit":"a8859b0435a9e8cbfe5a123359827674fa5d9de3"},"previous_names":["microsoft/vscode-pwa"],"tags_count":112,"template":false,"template_full_name":null,"purl":"pkg:github/microsoft/vscode-js-debug","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fvscode-js-debug","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fvscode-js-debug/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fvscode-js-debug/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fvscode-js-debug/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/microsoft","download_url":"https://codeload.github.com/microsoft/vscode-js-debug/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fvscode-js-debug/sbom","scorecard":{"id":643558,"data":{"date":"2025-08-11","repo":{"name":"github.com/microsoft/vscode-js-debug","commit":"0740ca29d8c48115b6f510d0d4fd38348a2cbf49"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.7,"checks":[{"name":"Maintained","score":10,"reason":"14 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":0,"reason":"binaries present in source code","details":["Warn: binary detected: testWorkspace/chakracore/ChakraCore.Debugger.Sample.exe:1","Warn: binary detected: testWorkspace/chakracore/ChakraCore.Debugger.dll:1","Warn: binary detected: testWorkspace/chakracore/ChakraCore.dll:1","Warn: binary detected: testWorkspace/nodePathProvider/node-module/node_modules/.bin/node.exe:1","Warn: binary detected: testWorkspace/nodePathProvider/outdated/node.exe:1","Warn: binary detected: testWorkspace/nodePathProvider/up-to-date/node.exe:1","Warn: binary detected: testWorkspace/web/dwarf/c-with-struct.wasm:1","Warn: binary detected: testWorkspace/web/dwarf/diverse-inlining.wasm:1","Warn: binary detected: testWorkspace/web/dwarf/fibonacci.wasm:1","Warn: binary detected: testWorkspace/web/wasm/hello.wasm:1","Warn: binary detected: testWorkspace/webview/win/WebView2Loader.dll:1","Warn: binary detected: testWorkspace/webview/win/WebView2Sample.exe:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.102.0 not signed: https://api.github.com/repos/microsoft/vscode-js-debug/releases/229778737","Warn: release artifact v1.100.1 not signed: https://api.github.com/repos/microsoft/vscode-js-debug/releases/218366878","Warn: release artifact v1.100.0 not signed: https://api.github.com/repos/microsoft/vscode-js-debug/releases/215820040","Warn: release artifact v1.97.1 not signed: https://api.github.com/repos/microsoft/vscode-js-debug/releases/199683198","Warn: release artifact v1.97.0 not signed: https://api.github.com/repos/microsoft/vscode-js-debug/releases/197243421","Warn: release artifact v1.102.0 does not have provenance: https://api.github.com/repos/microsoft/vscode-js-debug/releases/229778737","Warn: release artifact v1.100.1 does not have provenance: https://api.github.com/repos/microsoft/vscode-js-debug/releases/218366878","Warn: release artifact v1.100.0 does not have provenance: https://api.github.com/repos/microsoft/vscode-js-debug/releases/215820040","Warn: release artifact v1.97.1 does not have provenance: https://api.github.com/repos/microsoft/vscode-js-debug/releases/199683198","Warn: release artifact v1.97.0 does not have provenance: https://api.github.com/repos/microsoft/vscode-js-debug/releases/197243421"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Warn: 'stale review dismissal' is disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is required - but no codeowners file found in repo","Info: 'last push approval' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T11:27:08.760Z","repository_id":37497861,"created_at":"2025-08-21T11:27:08.760Z","updated_at":"2025-08-21T11:27:08.760Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29716994,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-22T15:10:41.462Z","status":"ssl_error","status_checked_at":"2026-02-22T15:10:04.636Z","response_time":110,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dap","debug","hacktoberfest","vscode","vscode-extension"],"created_at":"2024-08-02T09:01:49.319Z","updated_at":"2026-02-27T00:06:48.858Z","avatar_url":"https://github.com/microsoft.png","language":"TypeScript","readme":"\u003ch1\u003e\n  \u003cimg alt=\"vscode-js-debug\" src=\"resources/readme/logo-with-text.png\" width=\"500\"\u003e\n\u003c/h1\u003e\n\nThis is a [DAP](https://microsoft.github.io/debug-adapter-protocol/)-based JavaScript debugger. It debugs Node.js, Chrome, Edge, WebView2, VS Code extensions, Blazor, React Native, and more. It is the default JavaScript debugger in Visual Studio Code and Visual Studio, and the standalone debug server can also be used in other tools such as [Neovim](https://github.com/mfussenegger/nvim-dap).\n\n## Usage\n\nIf you're using Visual Studio or Visual Studio Code, `js-debug` is already installed. Otherwise, please consult your editor's documentation for possible installation instructions. Builds of the VS Code extension and standalone DAP server are available on the [releases](https://github.com/microsoft/vscode-js-debug/releases) page.\n\nSee [OPTIONS.md](./OPTIONS.md) for a list of options you can use in your launch configurations.\n\n- For usage in VS Code, please check out our guides for [Node.js debugging](https://code.visualstudio.com/docs/nodejs/nodejs-debugging), [Browser debugging](https://code.visualstudio.com/docs/nodejs/browser-debugging).\n- For debugging React Native, install and read through the [React Native](https://marketplace.visualstudio.com/items?itemName=msjsdiag.vscode-react-native) extension which builds upon `js-debug`.\n- For debugging Blazor, check out [its documentation here](https://learn.microsoft.com/en-us/aspnet/core/blazor/debug?view=aspnetcore-8.0\u0026tabs=visual-studio-code).\n- For debugging WebView2 apps, check out [documentation here](https://learn.microsoft.com/en-us/microsoft-edge/webview2/how-to/debug-visual-studio-code).\n\n### Nightly Extension\n\nThe shipped version of VS Code includes the js-debug version at the time of its release, however you may want to install our nightly build to get the latest fixes and features. The nightly build runs at 5PM PST on each day that there are changes ([see pipeline](https://dev.azure.com/vscode/VS%20Code%20debug%20adapters/_build?definitionId=28)). To get the build:\n\n1. Open the extensions view (ctrl+shift+x) and search for `@builtin @id:ms-vscode.js-debug`\n2. Right click on the `JavaScript Debugger` extension and `Disable` it.\n3. Search for `@id:ms-vscode.js-debug-nightly` in the extensions view.\n4. Install that extension.\n\n## Notable Features\n\nIn `js-debug` we aim to provide rich debugging for modern applications, with no or minimal configuration required. Here are a few distinguishing features of `js-debug` beyond basic debugging capabilities. Please refer to the VS Code documentation for a complete overview of capabilities.\n\n### Debug child processes, web workers, service workers, and worker threads\n\nIn Node.js, child processes and worker threads will automatically be debugged. In browsers, service workers, webworkers, and iframes will be debugged as well. While debugging workers, you can also step through `postMessage()` calls.\n\n\u003cdetails\u003e\n  \u003csummary\u003ePreview\u003c/summary\u003e\n  \u003cimg src=\"resources/readme/web-worker.png\" width=\"302\"\u003e\n\u003c/details\u003e\n\n### Debug WebAssembly with DWARF symbols\n\nThe debugger automatically reads DWARF symbols from WebAssembly binaries, and debugs them. The usual debugging features are available, including limited evaluation support via `lldb-eval`.\n\n\u003cdetails\u003e\n  \u003csummary\u003ePreview\u003c/summary\u003e\n  \u003cimg src=\"resources/readme/wasm-dwarf.png\" width=\"302\"\u003e\n\u003c/details\u003e\n\n### Debug Node.js processes in the terminal\n\nYou can debug any Node.js process you run in the terminal with Auto Attach. If auto attach isn't on, you can run the command `Debug: Toggle Auto Attach` to turn it on. Next time you run a command like `npm start`, we'll debug it.\n\n\u003cdetails\u003e\n  \u003csummary\u003ePreview\u003c/summary\u003e\n  \u003cimg src=\"resources/readme/auto-attach.png\" width=\"554\"\u003e\n\u003c/details\u003e\n\nOnce enabled, you can toggle Auto Attach by clicking the `Auto Attach: On/Off` button in the status bar on the bottom of your screen. You can also create a one-off terminal for debugging via the `Debug: Create JavaScript Debug Terminal` command.\n\n### Profiling Support\n\nYou can capture and view performance profiles natively in VS Code, by clicking on the ⚪ button in the Call Stack view, or through the `Debug: Take Performance Profile` command. The profile information collected through VS Code is sourcemap-aware.\n\nWe support taking and visualizating CPU profiles, heap profiles, and heap snapshots.\n\n\u003cdetails\u003e\n  \u003csummary\u003ePreview\u003c/summary\u003e\n  \u003cimg src=\"resources/readme/flame-chart.png\" width=\"845\"\u003e\n\u003c/details\u003e\n\n### Instrumentation breakpoints\n\nWhen debugging web apps, you can configure instrumentation breakpoints from VS Code in the \"Event Listener Breakpoints\" view.\n\n\u003cdetails\u003e\n  \u003csummary\u003ePreview\u003c/summary\u003e\n  \u003cimg src=\"resources/readme/instrumentation-breakpoints.png\" width=\"367\"\u003e\n  \u003cimg src=\"resources/readme/instrumentation-breakpoints2.png\" width=\"602\"\u003e\n\u003c/details\u003e\n\n### Return value interception\n\nOn a function's return statement, you can use, inspect, and modify the `$returnValue`.\n\n\u003cdetails\u003e\n  \u003csummary\u003ePreview\u003c/summary\u003e\n  \u003cimg src=\"resources/readme/returnvalue.png\"\u003e\n\u003c/details\u003e\n\nNote that you can use and modify properties on the `$returnValue`, but not assign it to--it is effectively a `const` variable.\n\n### Pretty-print minified sources\n\nThe debugger can pretty print files, especially useful when dealing with minified sources. You can trigger pretty printing by clicking on the braces `{}` icon in editor actions, or via the `Debug: Pretty print for debugging` command.\n\n\u003cdetails\u003e\n  \u003csummary\u003ePreview\u003c/summary\u003e\n  \u003cimg src=\"resources/readme/pretty-print.png\"\u003e\n\u003c/details\u003e\n\n### Experimental Network View\n\nThe debugger allows viewing network traffic of browser targets and Node.js \u003e22.6.0. This requires enabling the `debug.javascript.enableNetworkView` setting.\n\n\u003cdetails\u003e\n  \u003csummary\u003ePreview\u003c/summary\u003e\n  \u003cimg src=\"resources/readme/network-view.png\"\u003e\n\u003c/details\u003e\n\n### Advanced Rename Support\n\nWhen using a tool that emits renames in its sourcemap, the debugger maps renamed variables in all displayed views, and also rewrites evaluation requests to use the renamed identifiers, allowing near-source-level debugging of minified code.\n\n### Conditional Exception Breakpoints\n\nAs in most debuggers, you can pause on caught exceptions, but you can also filter the exceptions you want to pause on by checking against the `error` object. In VS Code, you can do this by clicking the pencil icon in the Breakpoints view.\n\n\u003cdetails\u003e\n  \u003csummary\u003ePreview\u003c/summary\u003e\n  \u003cimg src=\"resources/readme/conditional-exception-breakpoints.png\"\u003e\n\u003c/details\u003e\n\n### Excluded Callers\n\nIf you have a breakpoint you want to pause on, but not when called from certain frames, you can right click on call frames in the stack trace view to \"exclude caller\" which prevents pausing on that breakpoint when the requested caller is in the stack trace.\n\n\u003cdetails\u003e\n  \u003csummary\u003ePreview\u003c/summary\u003e\n  \u003cimg src=\"resources/readme/exclude-caller.png\"\u003e\n\u003c/details\u003e\n\n### Step-in Targets\n\nWhen paused on a location with multiple calls or expressions, the debugger supports the **Debug: Step Into Target** action that allows you to request a specific expression you wish to step into.\n","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicrosoft%2Fvscode-js-debug","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmicrosoft%2Fvscode-js-debug","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicrosoft%2Fvscode-js-debug/lists"}