Code Auditor

Code Auditor (VS Code Extension)

Audit your workspace for code health, security and best practices. Generates a human-readable HTML report with issues and an overall health score.

1) Prerequisites

• VS Code: requires ^1.70.0
• Node.js: LTS recommended (e.g., 18+)

2) Install the extension

You have two options:

Option A — Install from packaged VSIX (fastest)

The repo includes a packaged extension file: vscode-auditor-1.1.0.vsix.

1. Open VS Code
2. Go to Extensions view
3. Click the kebab menu (⋯) → Install from VSIX...
4. Select vscode-auditor-1.1.0.vsix from the extension folder
5. Reload VS Code if prompted

Option B — Run from source (development)

1. Open the extension folder in VS Code
2. Install dependencies:

   npm install
   

3. Build the extension:

   npm run build
   

4. Press F5 to launch an Extension Development Host

To create your own VSIX package later:

npm run package

The VSIX will be created in the extension directory.

3) Run an audit

With your target project opened in VS Code (regular window or Extension Development Host):

Option A — Command Palette:

1. Open the Command Palette (Ctrl+Shift+P / Cmd+Shift+P)
2. Run: Audit Repository

Option B — Context Menu (Right-click):

1. Right-click on any file or folder in the Explorer
2. Select Audit Repository from the context menu

The command ID is vs-code-auditor.auditRepo.

4) View the results

• The extension scans up to 300 files matching **/*.{js,ts,tsx,jsx,sql,py,java} and ignores common folders like node_modules, dist, build, coverage, .next, and out. Documentation files (.md) are excluded from scanning.
• When finished, it writes an HTML report to the workspace root as audit-report.html and attempts to open it automatically in VS Code.
• The report shows:
  • Overall project health score (0–100)
  • Total issues found
  • Estimated fix effort summary
  • Category cards and expandable details per issue (file, description, estimated effort)

If the file doesn’t open automatically, open it manually from the Explorer or via the Command Palette: “File: Open File…”.

5) ESLint integration

If your project has ESLint configured, the auditor will use it to enrich analysis. If not, the extension still runs with built‑in checks. For best results, keep ESLint configured in your workspace.

6) Troubleshooting

• No workspace opened: Open a folder/workspace in VS Code before running "Audit Repo".
• Report didn’t open: Check the root of your project for audit-report.html and open it manually.
• Too many files: The scan caps at 300 files for safety. Narrow your workspace or adjust the project layout if needed.
• Folders ignored: The auditor ignores node_modules, dist, build, coverage, .next, and out.
• Permissions: Ensure VS Code has write permission to your workspace so the report can be created.

7) Commands and activation

• Command: Audit Repo (ID: vs-code-auditor.auditRepo)
• Activation: on command invocation or after startup

8) Publishing to VS Code Marketplace

To publish this extension:

1. Install vsce (Visual Studio Code Extension Manager):

   npm install -g @vscode/vsce
   

2. Login to Azure DevOps:

   vsce login <publisher-name>
   

   Replace <publisher-name> with your publisher ID (e.g., kamlesh-kushwaha).

3. Package the extension:

   npm run package
   

4. Publish to marketplace:

   vsce publish
   

Note: You need a publisher account on the VS Code Marketplace. Create one at https://marketplace.visualstudio.com/manage.

9) Notes

• The report is generated at the root of the currently opened workspace.
• The analyzer uses simple, fast heuristics for categories such as Security, Performance, Modularization, Best Practices, Documentation, Logging, Queries, and Boundary Conditions.
• Works both locally and in cloud environments (e.g., Codespaces) if the workspace is accessible and writable.