🛡️ pkgsafe
Your Guardian for a Secure Dependency Tree.
pkgsafe is a lightweight, production-grade VS Code extension that monitors your package.json for known security risks in real-time. By combining the power of the npm Advisory API and OSV.dev, it provides a comprehensive safety net for your project without cluttering your development environment.

🚀 Why pkgsafe?
Most vulnerability scanners are either too noisy or too slow. pkgsafe is built for performance and focus:
- ⚡ Blazing Fast: Leverages Bulk APIs and intelligent caching to scan your entire workspace in milliseconds.
- 🧹 Zero Clutter: No messy underlines or crowded "Problems" tabs. Security insights are available exactly where you need them: in the sidebar and on hover.
- 🔍 Multi-Source Intelligence: Cross-references findings from the official npm registry and the Open Source Vulnerabilities (OSV) database.
- 🏢 Monorepo Ready: Automatically detects and scans multiple package.json files across complex workspaces.
✨ Key Features
📡 Real-time Monitoring
Stay ahead of threats. pkgsafe automatically triggers a scan whenever you open or save a package.json.
A dedicated view in the Activity Bar provides:
- Quick Stats: Summary cards for Vulnerable, Clean, and Total dependencies.
- Deep-Dive Reports: Detailed cards showing CVSS scores, CVE IDs, and patched versions.
- Workspace Rescan: A one-click button to refresh security status across all projects.
💡 Contextual Hovers
Get the facts instantly. Hover over any dependency name to see a rich markdown summary of identified vulnerabilities and OSV advisories.
📜 Professional Logging
Transparency at your fingertips. View all scanning activity and API interactions via the dedicated pkgsafe Output Channel.
⚙️ Configuration
Tailor the experience to your needs:
- pkgsafe.enabled: Toggle automatic scanning (default: true).
- pkgsafe.severity: Set the minimum severity to flag (low, moderate, high, critical).
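As an added example (not pkgsafe's own code) tying together the bulk-API scan, the Quick Stats counts and the pkgsafe.severity threshold described above: a minimal pass that builds the npm bulk-advisory request from a package.json, flattens the response into findings, filters them by the configured minimum severity and derives the Vulnerable/Clean/Total counts. It assumes the request and response shapes of the public npm bulk advisory endpoint; the package.json and advisory payloads are constructed samples.

```typescript
// Added example, not pkgsafe's own source. Assumes the public npm bulk-advisory
// API shape; the package.json and response below are constructed samples.
type Severity = "low" | "moderate" | "high" | "critical";
const RANK: Record<Severity, number> = { low: 0, moderate: 1, high: 2, critical: 3 };
interface PackageJson { dependencies?: Record<string, string>; devDependencies?: Record<string, string>; }
interface NpmAdvisory { id: number; title: string; severity: Severity; }
interface Finding { pkg: string; version: string; id: number; title: string; severity: Severity; }

// POST https://registry.npmjs.org/-/npm/v1/security/advisories/bulk takes
// { "<name>": ["<version>", ...] } with concrete versions, so a leading ^ or ~
// is stripped here; a real scan should resolve versions from the lockfile.
function buildBulkBody(pkg: PackageJson): Record<string, string[]> {
  const body: Record<string, string[]> = {};
  for (const deps of [pkg.dependencies || {}, pkg.devDependencies || {}]) {
    for (const name of Object.keys(deps)) {
      const version = deps[name].replace(/^[\^~]/, "");
      if (!body[name]) body[name] = [];
      if (body[name].indexOf(version) === -1) body[name].push(version);
    }
  }
  return body;
}
// The response is { "<name>": [advisory, ...] }: emit one finding per advisory
// per scanned version and drop anything below the configured minimum severity.
function collectFindings(body: Record<string, string[]>, resp: Record<string, NpmAdvisory[]>, min: Severity): Finding[] {
  const out: Finding[] = [];
  for (const name of Object.keys(resp)) {
    for (const adv of resp[name]) {
      if (RANK[adv.severity] < RANK[min]) continue; // below pkgsafe.severity
      for (const version of body[name] || []) {
        out.push({ pkg: name, version, id: adv.id, title: adv.title, severity: adv.severity });
      }
    }
  }
  return out;
}
// Quick Stats: a package counts as vulnerable once, however many advisories hit it.
function summarize(body: Record<string, string[]>, findings: Finding[]) {
  const seen: Record<string, boolean> = {};
  findings.forEach(f => { seen[f.pkg] = true; });
  const total = Object.keys(body).length, vulnerable = Object.keys(seen).length;
  return { total, vulnerable, clean: total - vulnerable };
}
// Constructed sample input and upstream response (fake packages, fake advisories).
const SAMPLE_PKG: PackageJson = { dependencies: { "example-pkg-a": "^1.3.0", "example-pkg-b": "4.17.20" },
  devDependencies: { "example-dev-tool": "~10.0.0" } };
const SAMPLE_NPM_RESPONSE: Record<string, NpmAdvisory[]> = { "example-pkg-b": [
  { id: 1001, title: "Constructed: prototype pollution", severity: "high" },
  { id: 1002, title: "Constructed: ReDoS", severity: "moderate" } ] };
```

With pkgsafe.severity set to high only the first constructed advisory survives, while low keeps both; either way the Quick Stats count the package as vulnerable once.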
🛠️ Data Sources
pkgsafe fetches trusted, real-time data from the npm Advisory API and the OSV.dev (Open Source Vulnerabilities) database.
Made with ❤️ by blitzbugg