Visual Studio Code extension flags NPM vulnerabilities

Open source Snyk Vuln Cost scans JavaScript packages from NPM for security vulnerabilities as you code

Visual Studio Code extension flags NPM vulnerabilities
SolarSeven / Ankabala / Getty Images

Security developer Snyk has published a free extension for Microsoft’s popular Visual Studio Code editor that finds vulnerabilities in NPM packages.

Introduced April 2, the open source Snyk Vuln Cost extension serves as a security scanner, providing feedback inline as developers code. With 80 percent to 90 percent of code today being heavily dependent on open source packages, developers need to know what these packages do, Brian Vermeer, Vuln Cost project lead, said.

The Snyk Vuln Cost tool can also find vulnerabilities in JavaScript packages from well-known CDNs by scanning HTML files in your projects. Currently supported CDNs include:

  • unpkg.com
  • ajax.googleapis.com
  • cdn.jsdelivr.net
  • cdnjs.cloudflare.com
  • code.jquery.com
  • maxcdn.bootstrapcdn.com

The extension is available from the Visual Studio Marketplace. Users who connect Vuln Cost to a Snyk account get additional capabilities, including a vulnerability severity level, an overview of security issues in a project, and remediation advice.

Copyright © 2020 IDG Communications, Inc.