Unslop for VS Code
Run the Unslop engines from your editor. This
extension drives the unslop binary you already have installed and turns its
JSON reports into inline diagnostics. There's no second copy of the analysis
logic, no network calls, and no telemetry. The CLI does the work; the editor
shows the results.
Three engines feed the Problems panel:
- scan matches your code against the encrypted bug/vulnerability corpus (the
four non-LLM detection engines: exact, clone, knn, pattern).
- quality reports code-health smells: dead code, duplication, vague names,
over-complex functions, and idiom rewrites.
- secrets finds leaked credentials and PII, showing a masked preview only.
The raw value never leaves the CLI.
Requirements
You need the unslop binary on your PATH. Install it with one command, then
restart VS Code so it picks up the new PATH.
Windows (PowerShell):
irm https://unslop.cognitive-industries.org/install.ps1 | iex
macOS and Linux:
curl -fsSL https://unslop.cognitive-industries.org/install.sh | sh
Both installers verify the download checksum, drop unslop in a per-user
location, and add it to your PATH. If you keep the binary somewhere else, point
the extension at it with the unslop.binaryPath setting instead. Building from
source works too: cargo build --release -p unslop-cli puts the executable at
target/release/unslop.
If the binary is missing, the extension tells you once, with a copyable install
command for your OS, and shows the status bar as unconfigured. It never nags.
Note on the engines: quality and secrets work the moment the binary is
installed. scan (the corpus bug/vuln matcher) additionally needs a local
corpus, so run unslop keygen and unslop ingest --all once if you want scan
diagnostics too.
What it does
- Diagnostics on save and on demand. Save a file (or run Unslop: Scan
file) and the enabled engines run against that one file, publishing
diagnostics with real line ranges, severities, rule codes, and the engine as
the source (
unslop/scan#pattern, unslop/quality#dead-code,
unslop/secrets#secret). Unslop: Scan workspace runs across the whole
folder. The CLI applies its own ignore rules (.git, node_modules,
target, vendor, build dirs), so nothing is re-implemented here.
- The fix flow. Unslop: Fix file runs
unslop fix <file> --all --write.
Unslop never edits your file in place. It writes a sibling
<file>.unslop.updated copy, so the command opens a diff between the original
and the updated copy and you decide what to keep. A quick-fix code action
offers the same on findings that carry a fix.
- Status bar. Shows engine state, the last run's finding count, and your tier
badge. Click it for the run log.
Settings
| Setting |
Default |
What it does |
unslop.binaryPath |
unslop |
Path to the executable (PATH lookup by default). |
unslop.engines.scan |
true |
Run the corpus bug/vuln scanner. |
unslop.engines.quality |
true |
Run the code-quality analyzer. |
unslop.engines.secrets |
true |
Run the secrets/PII scanner. |
unslop.level |
balanced |
Noise preset for quality/secrets: quiet up to pedantic. |
unslop.minConfidence |
unset |
Optional confidence floor for scan. |
unslop.runOnSave |
true |
Re-scan a file on save (debounced). |
unslop.extraArgs |
[] |
Extra arguments appended to every invocation. |
Free and Pro
The in-editor extension is a Pro feature. It's listed under Pro on the
pricing page. Entitlement is read from your
local, offline-signed license via unslop license show, with no phone-home.
Free still gets a real taste: Unslop: Scan file runs the scan engine on the
current file. Pro unlocks the always-on experience, which covers run-on-save,
workspace scans, the quality and secrets engines, and the fix flow. Everything
else stays in the CLI, which is free forever. When a Pro-only action is used on
Free, you get one unobtrusive note pointing at the equivalent CLI command. There
is no repeat prompt and no hard block. A missing or expired license degrades to
Free rather than breaking anything.
Commands
| Command |
Title |
unslop.scanFile |
Unslop: Scan file |
unslop.scanWorkspace |
Unslop: Scan workspace |
unslop.fixFile |
Unslop: Fix file |
unslop.showOutput |
Unslop: Show output log |
unslop.refreshLicense |
Unslop: Refresh license / tier |
Building from source
cd ide/vscode
npm install
npm run build # esbuild bundle -> dist/extension.js
npm test # offline unit tests (node:test)
npm run package # produce a .vsix (does not publish)
License
Proprietary. See LICENSE.md.