Skip to content
| Marketplace
Sign in
Visual Studio Code>Programming Languages>UnslopNew to Visual Studio Code? Get it now.
Unslop

Unslop

Cognitive Industries

|
1 install
| (0) | Free
Drive the local unslop CLI from VS Code: bug/vuln, code-quality and secrets/PII diagnostics, plus the never-in-place fix flow.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
Copied to clipboard
More Info

Unslop for VS Code

Run the Unslop engines from your editor. This extension drives the unslop binary you already have installed and turns its JSON reports into inline diagnostics. There's no second copy of the analysis logic, no network calls, and no telemetry. The CLI does the work; the editor shows the results.

Three engines feed the Problems panel:

  • scan matches your code against the encrypted bug/vulnerability corpus (the four non-LLM detection engines: exact, clone, knn, pattern).
  • quality reports code-health smells: dead code, duplication, vague names, over-complex functions, and idiom rewrites.
  • secrets finds leaked credentials and PII, showing a masked preview only. The raw value never leaves the CLI.

Requirements

You need the unslop binary on your PATH. Install it with one command, then restart VS Code so it picks up the new PATH.

Windows (PowerShell):

irm https://unslop.cognitive-industries.org/install.ps1 | iex

macOS and Linux:

curl -fsSL https://unslop.cognitive-industries.org/install.sh | sh

Both installers verify the download checksum, drop unslop in a per-user location, and add it to your PATH. If you keep the binary somewhere else, point the extension at it with the unslop.binaryPath setting instead. Building from source works too: cargo build --release -p unslop-cli puts the executable at target/release/unslop.

If the binary is missing, the extension tells you once, with a copyable install command for your OS, and shows the status bar as unconfigured. It never nags.

Note on the engines: quality and secrets work the moment the binary is installed. scan (the corpus bug/vuln matcher) additionally needs a local corpus, so run unslop keygen and unslop ingest --all once if you want scan diagnostics too.

What it does

  • Diagnostics on save and on demand. Save a file (or run Unslop: Scan file) and the enabled engines run against that one file, publishing diagnostics with real line ranges, severities, rule codes, and the engine as the source (unslop/scan#pattern, unslop/quality#dead-code, unslop/secrets#secret). Unslop: Scan workspace runs across the whole folder. The CLI applies its own ignore rules (.git, node_modules, target, vendor, build dirs), so nothing is re-implemented here.
  • The fix flow. Unslop: Fix file runs unslop fix <file> --all --write. Unslop never edits your file in place. It writes a sibling <file>.unslop.updated copy, so the command opens a diff between the original and the updated copy and you decide what to keep. A quick-fix code action offers the same on findings that carry a fix.
  • Status bar. Shows engine state, the last run's finding count, and your tier badge. Click it for the run log.

Settings

Setting Default What it does
unslop.binaryPath unslop Path to the executable (PATH lookup by default).
unslop.engines.scan true Run the corpus bug/vuln scanner.
unslop.engines.quality true Run the code-quality analyzer.
unslop.engines.secrets true Run the secrets/PII scanner.
unslop.level balanced Noise preset for quality/secrets: quiet up to pedantic.
unslop.minConfidence unset Optional confidence floor for scan.
unslop.runOnSave true Re-scan a file on save (debounced).
unslop.extraArgs [] Extra arguments appended to every invocation.

Free and Pro

The in-editor extension is a Pro feature. It's listed under Pro on the pricing page. Entitlement is read from your local, offline-signed license via unslop license show, with no phone-home.

Free still gets a real taste: Unslop: Scan file runs the scan engine on the current file. Pro unlocks the always-on experience, which covers run-on-save, workspace scans, the quality and secrets engines, and the fix flow. Everything else stays in the CLI, which is free forever. When a Pro-only action is used on Free, you get one unobtrusive note pointing at the equivalent CLI command. There is no repeat prompt and no hard block. A missing or expired license degrades to Free rather than breaking anything.

Commands

Command Title
unslop.scanFile Unslop: Scan file
unslop.scanWorkspace Unslop: Scan workspace
unslop.fixFile Unslop: Fix file
unslop.showOutput Unslop: Show output log
unslop.refreshLicense Unslop: Refresh license / tier

Building from source

cd ide/vscode
npm install
npm run build      # esbuild bundle -> dist/extension.js
npm test           # offline unit tests (node:test)
npm run package    # produce a .vsix (does not publish)

License

Proprietary. See LICENSE.md.

  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2026 Microsoft