Herozion — VS Code / Cursor extension

Real-time security diagnostics powered by Herozion.

Features

• Real-time analysis while you edit (Python, JavaScript, TypeScript, and more)
• Problems panel integration — source herozion
• Scan Workspace — full project scan from the Command Palette
• Works in VS Code and Cursor

Prerequisites (required)

The extension does not bundle the scanner. Install the Herozion CLI first:

npm install -g herozion

Or with Homebrew:

brew install herozion

Verify:

herozion --version

Install the extension

Option A — VSIX (fastest, no Marketplace wait)

1. Download herozion-vscode-*.vsix from GitHub Releases (asset attached to each release).
2. In VS Code or Cursor: Extensions → ... menu → Install from VSIX...
3. Select the .vsix file.
4. Reload the window.

Option B — VS Code Marketplace

Search Herozion in the Extensions view, or install:

ext install herozion.herozion-vscode

(Cursor also supports most VS Code Marketplace extensions.)

Settings

Example (local development from this repo):

{
  "herozion.cli.path": "/path/to/.venv/bin/herozion",
  "herozion.pythonPath": "/path/to/.venv/bin/python",
  "herozion.lsp.path": "auto"
}

Usage

1. Open a folder (not a single file).
2. Open a supported file (Python, JS/TS, Java, Go, etc.).
3. Wait ~1s — issues appear in Problems (source: herozion).

4. Commands (Command Palette):
   • Herozion: Scan Workspace
   • Herozion: Analyze Active File
   • Herozion: Show Output Log

Check the status bar: Herozion: 2 issue(s) or Herozion: OK.

Troubleshooting

1. Output → Herozion — must show CLI OK: and CLI: ... → N finding(s).
2. If you see CLI not found, run npm install -g herozion and set herozion.cli.path.
3. View → Problems — filter by source herozion.
4. Save the file before scanning if you only use the CLI path (unsaved buffers use Python fallback when available).

Publish (maintainers)

See MARKETPLACE.md.