EVE SHOUYE (守夜) — VS Code / Cursor Extension
Trust Before Install. Helps you scan npm packages before installation.
Observe. Verify. Trust.
Features
- Scan Package — Command palette:
EVE SHOUYE: Scan Package
- Scan Project — Diff-aware scan of
package.json + lockfile
- Scan Selection — Scan package name from
package.json
- Scan Dependencies — Pick a dependency from
package.json to scan
- Show Changed Dependencies — View dependency changes in your project
- Shell Hook — Generate bash/zsh/fish/PowerShell hook via
EVE SHOUYE: Show Shell Hook
Use shouye hook in your shell profile to intercept npm install in any terminal.
Requirements
Install the Python CLI and ensure shouye is on your PATH (legacy alias: shadow).
From PyPI (when published)
pip install eve-shouye[cli]
From source
git clone https://github.com/Oerbagietam/eve-shouye.git
cd eve-shouye
pip install -e ".[cli]"
Configure eveShouye.shouyePath in settings if shouye is not on PATH.
Settings
| Setting |
Default |
Description |
eveShouye.shouyePath |
shouye |
Path to shouye CLI |
eveShouye.diagnostics.enabled |
false |
Inline warnings in package.json |
eveShouye.scanOnSave |
false |
Scan project when package.json is saved |
Limitations
- Metadata-only analysis — does not guarantee detection of all supply chain attacks
- Does not detect runtime or protestware behavior
- Requires the
shouye CLI installed separately
- Hooks warn but do not block installation
Cursor / Open VSX
Install from Open VSX in Cursor, or via Extensions: Install from VSIX.
Support
Report issues at github.com/Oerbagietam/eve-shouye/issues.
License
MIT
| |
