Component Lifecycle Tracker

Track dependencies, monitor security vulnerabilities, detect license changes, and manage software compliance directly in VS Code.
Features
Security Monitoring
- Vulnerability Scanning: Automatically detect CVEs using OSV (Google's Open Source Vulnerabilities database)
- Real-time Alerts: Get notified when new vulnerabilities are found
- Severity Levels: Critical, High, Medium, Low classification
Health Scoring
- Unique Health Score (0-100): Combines vulnerabilities, outdated status, and maintenance status
- Visual Indicators:
  - Green (80-100): Healthy
  - Yellow (50-79): Warning
  - Red (0-49): Critical
Abandonment Detection
- Maintenance Monitoring: Warns if packages haven't been updated in 12+ months
- Proactive Alerts: Identify potentially abandoned dependencies before they become critical
Multi-Ecosystem Support
- NPM (Node.js)
- Maven (Java)
- PyPI (Python)
- Go Modules
- Cargo (Rust)
- NuGet (.NET)
License Tracking
- Monitor license changes
- Detect incompatible licenses
- Compliance reporting
Installation
Prerequisites
- Java 21+ (for backend)
- VS Code 1.74+
Step 1: Install Extension
- Open VS Code
- Go to Extensions (Ctrl+Shift+X)
- Search for "Component Lifecycle Tracker"
- Click Install
Step 2: Start Backend
Download and run the backend service:
java -jar component-lifecycle-tracker-backend.jar --spring.profiles.active=test
The backend starts on http://localhost:8080
Usage
View Dependencies
- Open any project with package.json, pom.xml, requirements.txt, etc.
- Look for the Component Lifecycle Tracker icon in the left sidebar
- Click to see all dependencies with health scores
Scan for Vulnerabilities
- Press Ctrl+Shift+P
- Type: "Component Lifecycle Tracker: Scan for Vulnerabilities"
- View results in the panel
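What a scan against OSV involves for an npm project, as an added example that is not the extension's or backend's own code: it reads resolved versions from a package-lock.json (v2/v3 layout), builds a request for OSV's public `/v1/querybatch` endpoint, and pairs the positional response with the packages sent. The function names, the sample lockfile and the advisory id are constructed for illustration; how this project's backend actually queries OSV is not documented on this page.

```javascript
// Added example (not the extension's code): npm lockfile -> OSV querybatch
// request, then the response paired back to the packages that were sent.
const OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch";

// package-lock.json v2/v3 keys look like "node_modules/a/node_modules/@s/b";
// the package name is whatever follows the last "node_modules/".
function lockfileToPackages(lock) {
  const seen = new Map(); // de-duplicates name@version installed at several paths
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    // Skip the root project, local workspace folders and symlink entries.
    if (idx === -1 || !meta.version || meta.link) continue;
    const name = path.slice(idx + "node_modules/".length);
    seen.set(`${name}@${meta.version}`, { name, version: meta.version });
  }
  return [...seen.values()];
}

// Each query carries one concrete version, so resolved lockfile versions are
// sent rather than package.json ranges such as "^4.17.0".
function buildBatch(pkgs) {
  return {
    queries: pkgs.map((p) => ({ package: { name: p.name, ecosystem: "npm" }, version: p.version })),
  };
}

// querybatch answers positionally: results[i] belongs to queries[i] and has
// no "vulns" key when nothing matched. A length mismatch is treated as an error.
function mergeResults(pkgs, response) {
  if (!Array.isArray(response.results) || response.results.length !== pkgs.length) {
    throw new Error("OSV response does not line up with the request");
  }
  return pkgs
    .map((p, i) => ({ ...p, ids: ((response.results[i] || {}).vulns || []).map((v) => v.id) }))
    .filter((p) => p.ids.length > 0);
}

async function scan(lock) { // needs network access; Node 18+ for global fetch
  const pkgs = lockfileToPackages(lock);
  const res = await fetch(OSV_BATCH_URL, { method: "POST", body: JSON.stringify(buildBatch(pkgs)) });
  if (!res.ok) throw new Error(`OSV returned HTTP ${res.status}`);
  return mergeResults(pkgs, await res.json());
}

// Constructed sample lockfile and response (the advisory id is a placeholder).
const sampleLock = { packages: { "": { name: "demo" },
  "node_modules/lodash": { version: "4.17.20" },
  "node_modules/@scope/util": { version: "1.0.0" },
  "node_modules/a/node_modules/lodash": { version: "4.17.20" } } };
const sampleResponse = { results: [{ vulns: [{ id: "EXAMPLE-0000-0001" }] }, {}] };
console.log(mergeResults(lockfileToPackages(sampleLock), sampleResponse));
```

`scan()` is the only function that touches the network; the other three run offline against the constructed sample.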
Check Package Details
- Click any package in the tree view
- See: Health score, vulnerabilities, licenses, repository link
Configuration
Open VS Code settings (Ctrl+,) and search for "Component Lifecycle Tracker":
| Setting | Default | Description |
| --- | --- | --- |
| backendUrl | http://localhost:8080/api | Backend API URL |
| autoScan | true | Auto-scan on project open |
| refreshInterval | 1800 | Auto-refresh interval (seconds) |
Development
Build from Source
cd vscode-extension
npm install
npm run compile
Package Extension
npm run package
Run Tests
npm run test
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (git checkout -b feature/AmazingFeature)
- Commit your changes (git commit -m 'Add some AmazingFeature')
- Push to the branch (git push origin feature/AmazingFeature)
- Open a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- OSV - Open Source Vulnerabilities database
- Google - For maintaining OSV
- All contributors and users
Aditya Anant Vishe - adityavishe67@gmail.com
Project Link: https://github.com/ADITYA-CODE-SOURCE/component-lifecycle-tracker