ExtensionTotal - VSCode
Overview
ExtensionTotal is a free Visual Studio Code extension designed to enhance your development environment's security. By utilizing ExtensionTotal, it scans all your installed extensions, helping you identify and mitigate potential security risks.
Features
- Extension Scanning: Scan all your installed extensions for security vulnerabilities.
- Background Scanning: ExtensionTotal continuously scans your extensions in the background whenever you open VSCode.
- Detailed Security Reports: Receive comprehensive reports on the security status of each extension.
- Real-Time Alerts: Get immediate notifications for any detected security threats.
Installation
To install the VSCode ExtensionTotal Scanner:
- Open Visual Studio Code.
- Navigate to the Extensions view by clicking the Extensions icon in the Activity Bar or pressing
Ctrl+Shift+X
.
- Search for
ExtensionTotal
.
- Click Install to add the extension to your environment.
Get an API key (Free)
ExtensionTotal API is FREE for up to 30 requests per day. To begin get your API key at ExtensionTotal Website
If you need more and would like to support us, visit our ExtensionTotal Sponsorship Page and choose a membership that suits your needs.
We'll send the API key in 1-2 days to the email provided in the membership payment.
Available Memberships:
- Personal: Up to 50 requests per day
- Plus: Up to 250 requests per day
- Unlimited: per day :)
Adding Your API Key
To add your API key for ExtensionTotal:
- Open Visual Studio Code.
- Go to
Settings
> Extensions
> ExtensionTotal
.
- Enter your API key in the provided field.
Usage
Real-Time Alerts
- The extension provides real-time alerts for any new security issues found in your extensions.
- Notifications will appear in VSCode, allowing you to address potential risks immediately.
Organizations and Rate Limits
For organizations or to increase rate limits, please visit our website.
Contributing
We welcome contributions! If you have suggestions, ideas, or bug reports, please open an issue or submit a pull request on our GitHub repository.
License
This project is licensed under the MIT License. See the LICENSE file for details.
For questions or support, please contact us at amit@extensiontotal.com.
Example scripts for API use
$codeExtensions = $(code --list-extensions)
Write-Output += "Found $($codeExtensions.Count) extensions to check..."
$extArray = @()
foreach ($extension in $codeExtensions) {
$headers = @{
"Content-Type" = "application/json"
"Cookie" = "SameSite=None"
"X-API-Key" = "API_KEY_HERE"
}
$payload = @{
"q" = $extension
}
$response = Invoke-WebRequest -Uri 'https://app.extensiontotal.com/api/getExtensionRisk' `
-Method Post `
-Body $( $payload | ConvertTo-Json) `
-Headers $headers
$responseContent = $response.Content | ConvertFrom-Json
$extArray += $responseContent
Start-Sleep -Seconds 10
}
$extArray | Sort-Object -Property risk -Descending | Format-Table -Property display_name, version, risk, updated_at
loggedInUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ { print $3 }' )
codePath="/Applications/Visual Studio Code.app/Contents/Resources/app/bin/code"
codeExtensions=$(sudo -u "$loggedInUser" "$codePath" --list-extensions)
while IFS= read -r line || [[ -n $line ]]; do
content=$(curl -s --location 'https://app.extensiontotal.com/api/getExtensionRisk' \
--header 'Content-Type: application/json' \
--header 'X-API-Key: API_KEY_HERE' \
--header 'Cookie: SameSite=None' \
--data "{
\"q\": \"$line\"
}")
risk=$(jq -r '.risk' <<<"$content")
echo "$line - $risk"
done < <(printf '%s' "$codeExtensions")
Thank you for using the VSCode ExtensionTotal Scanner! Stay secure and happy coding!