Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/snyk/vulncost

Find security vulnerabilities in open source npm packages while you code
https://github.com/snyk/vulncost

security vscode-extension vulnerabilities

Last synced: 6 days ago
JSON representation

Find security vulnerabilities in open source npm packages while you code

Awesome Lists containing this project

README

        

# Latest update 🗞️ (start here first 👇)
Vuln Cost is no longer being actively maintained. While you can continue to use this extension until it is officially deprecated, we recommend you install [the official Snyk extension](https://marketplace.visualstudio.com/items?itemName=snyk-security.snyk-vulnerability-scanner). This new extension provides all the functionality supported by Vuln Cost and enables you to find and fix issues in both your open source dependencies AND your custom code.

Vuln Cost Animated Logo


Vuln Cost


The world's easiest, Security Scanner for VS Code



Visual Studio Marketplace Version





## Vuln Cost - Security Scanner for VS Code

- [Homepage](https://snyk.io/security-scanner-vuln-cost/)
- [Github repository](https://github.com/snyk/vulncost)
- [Issues](https://github.com/snyk/vulncost/issues)

## Getting started
- [Getting started guide](https://github.com/snyk/vulncost/blob/master/GETTING-STARTED.MD)

## Vulnerability scanning in VS Code

Find security vulnerabilities in open source packages while you code in JavaScript, TypeScript and HTML.
Receive feedback in-line with your code, such as how many vulnerabilities a package contains that you are importing. And most important, suggesting a fix if known vulnerabilities are found.
If you like the extension, we’d love it if you could [rate it](https://marketplace.visualstudio.com/items?itemName=snyk-security.vscode-vuln-cost&ssr=false#review-details).

🔒 Your code and manifest files never leave your machine. Snyk only needs the dependency name and version to test against our constantly updated vulnerability database.

## Detect vulnerabilities in third-party open source packages automatically while you code.

- **Find security vulnerabilities in the npm packages you import:** see the number of known vulnerabilities in your imported npm packages as soon as you require them!

- **See your project vulnerabilities inline, as you code:** see feedback directly in your editor. Vuln Cost displays the number of vulnerabilities your packages add to your project.

- **Find security vulnerabilities in your JavaScript packages from well-known CDNs:** Vuln Cost scans any HTML files in your projects and displays vulnerability information about the JavaScript packages you download from your favorite CDN.

- **See in-depth information about your vulnerabilities:** access relevant resources that will give you deeper information about the vulnerabilities that directly affect your project.

Vuln Cost in JavaScript files:

![Vuln Cost in JS files](https://raw.githubusercontent.com/snyk/vulncost/master/images/require.png)

Vuln Cost in HTML files:

![Vuln Cost in HTML files](https://raw.githubusercontent.com/snyk/vulncost/master/images/unpkg.png)

## CDN support
Vuln Cost scans HTML files and displays vulnerability information about the JavaScript packages you download from multiple CDN providers.

#### Currently supported CDN's
- [unpkg.com](https://unpkg.com/)
- [ajax.googleapis.com](https://ajax.googleapis.com)
- [cdn.jsdelivr.net](https://cdn.jsdelivr.net)
- [cdnjs.cloudflare.com](https://cdnjs.cloudflare.com)
- [code.jquery.com](https://code.jquery.com/)
- [maxcdn.bootstrapcdn.com](https://www.bootstrapcdn.com/)
- [yastatic.net](https://yastatic.net/)
- [ajax.aspnetcdn.com](https://ajax.aspnetcdn.com)