Vulnerability Guardian is a powerful VS Code extension that helps developers identify and fix security vulnerabilities in their JavaScript and TypeScript code. By scanning your code for common security issues, this extension helps you build more secure applications before they reach production.
- Real-time Vulnerability Detection: Automatically scan for security issues as you code
- Security Best Practices: Identifies common security vulnerabilities based on OWASP Top 10
- Detailed Explanations: Get comprehensive information about detected vulnerabilities
- AI-assisted Scanning: Advanced pattern recognition for more accurate vulnerability detection
- Custom Severity Levels: Vulnerabilities are categorized by severity (Critical, High, Medium, Low)
- Workspace Scanning: Scan your entire project for security issues
- Detailed Reports: View summary reports of all vulnerabilities in your codebase
Vulnerability Guardian can detect various types of security issues, including:
- Broken Access Control: Unauthorized access to protected resources
- Cryptographic Failures: Weak encryption or poor key management
- Injection Flaws: SQL, NoSQL, OS, and LDAP injection
- Insecure Design: Security issues in the application design
- Authentication Failures: Weaknesses in authentication mechanisms
- Open VS Code
- Go to Extensions (Ctrl+Shift+X)
- Search for "Vulnerability Guardian"
- Click Install
- Reload VS Code
Alternatively, you can install the extension manually:
- Download the `.vsix` file
- Open VS Code
- Go to Extensions (Ctrl+Shift+X)
- Click the "..." menu and select "Install from VSIX..."
- Select the downloaded `.vsix` file
- Click the shield icon in the status bar
- Right-click in the editor and select "Vulnerability Guardian: Scan Current File"
- Press F1 and type "Vulnerability Guardian: Scan Current File"
- Right-click in the Explorer view and select "Vulnerability Guardian: Scan Workspace"
- Press F1 and type "Vulnerability Guardian: Scan Workspace"
Vulnerabilities are displayed in several ways:
- As diagnostics (squiggly underlines) in your code
- In the Problems panel, grouped by severity
- In detailed report webviews showing all detected issues
Click on "View Details" when prompted to see comprehensive information about a detected vulnerability:
- Description of the vulnerability
- Severity level
- Affected code
- Recommended remediation steps
- Examples of vulnerable code patterns
- AI confidence score
You can configure the extension in your VS Code settings:
```json
{
  "vulnerabilityGuardian.enableAIScan": true,
  "vulnerabilityGuardian.scanOnSave": true
}
```
- `vulnerabilityGuardian.enableAIScan`: Enable or disable AI-assisted scanning
- `vulnerabilityGuardian.scanOnSave`: Automatically scan files when saved

- `vulnerability-guardian.scanCurrentFile`: Scan the currently open file
- `vulnerability-guardian.scanWorkspace`: Scan all files in the workspace
- `vulnerability-guardian.toggleAIScanning`: Toggle AI-assisted scanning on/off
- VS Code 1.60.0 or higher
- Works with JavaScript, TypeScript, JSX, and TSX files
- AI scanning is still in beta and may occasionally produce false positives
- Large workspace scanning may take time on slower machines
- Initial release of Vulnerability Guardian
- Support for detecting OWASP Top 10 vulnerabilities
- AI-assisted vulnerability detection
- Detailed vulnerability reports
Contributions are welcome! Please feel free to submit a Pull Request.
This extension is licensed under the MIT License.