Vulnerability Checker

Patrik Broniek

1 install | (0) | Free
Scan Gemfile and package.json for known vulnerabilities using OSV.dev
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.

Vulnerability Checker

A VS Code extension that scans your Gemfile and package.json for known vulnerabilities using the OSV.dev database.

Features

  • Auto-Scanning: Scans for vulnerabilities instantly when opening or saving a file.
  • Diagnostic Squiggles: Highlights vulnerable packages directly in your editor.
  • Rich Tooltips: Hover over a red squiggle to see CVE IDs, severity scores, and links to advisories.
  • Lock File Support: Reads your Gemfile.lock, package-lock.json, and yarn.lock behind the scenes for accurate version resolution.
  • Caching: Prevents redundant network requests by caching results locally.
  • Status Bar: Provides quick visibility into the security of your open project files.

How it Works

  1. Open a Gemfile or package.json.
  2. The extension automatically sends the package versions to api.osv.dev.
  3. If a vulnerability exists, the package name is underlined in red.
  4. Hover the underlined package for details.
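
The steps above, sketched as an added example (not the extension's own code): it resolves direct dependencies from package.json to the exact versions pinned in package-lock.json, builds the body for OSV's `POST /v1/querybatch` endpoint, and maps the response back to package names. The function names, the sample manifest and lock file, and the `EXAMPLE-0000-0001` identifier are constructed for illustration; note that the request body carries only package name, ecosystem and version.

```javascript
// Added example: all names and sample data below are constructed.

// Resolve each direct dependency declared in package.json to the exact
// version pinned in package-lock.json (lockfileVersion 2/3 "packages" map).
function resolveDirectDeps(manifest, lock) {
  const declared = { ...manifest.dependencies, ...manifest.devDependencies };
  const resolved = [];
  for (const name of Object.keys(declared)) {
    const entry = lock.packages && lock.packages[`node_modules/${name}`];
    // No lock entry means no exact version to query; skip it rather than
    // guess a version from a range such as "^1.2.0".
    if (entry && entry.version) resolved.push({ name, version: entry.version });
  }
  return resolved;
}

// Build the JSON body for POST https://api.osv.dev/v1/querybatch.
function buildOsvBatch(deps, ecosystem = "npm") {
  return {
    queries: deps.map(({ name, version }) => ({
      package: { name, ecosystem },
      version,
    })),
  };
}

// results[i] answers queries[i]; an entry without "vulns" means no match.
function vulnerablePackages(deps, response) {
  return deps
    .map((dep, i) => {
      const vulns = (response.results[i] || {}).vulns || [];
      return { ...dep, ids: vulns.map((v) => v.id) };
    })
    .filter((dep) => dep.ids.length > 0);
}

// Constructed sample inputs.
const sampleManifest = {
  dependencies: { "left-lib": "^1.2.0", "right-lib": "~2.0.0" },
  devDependencies: { "unlocked-lib": "*" },
};
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/left-lib": { version: "1.2.7" },
  "node_modules/right-lib": { version: "2.0.3" },
  "node_modules/left-lib/node_modules/right-lib": { version: "1.0.0" },
} };
const sampleResponse = { results: [{ vulns: [{ id: "EXAMPLE-0000-0001" }] }, {}] };
```

For a Gemfile the same body shape applies with the ecosystem set to `RubyGems` and versions taken from Gemfile.lock.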

Settings

  • vulnerabilityChecker.scanOnSave: Enable or disable automatic scanning when you save a file. (Default: true)

Requirements

No external dependencies are required. The extension uses built-in Node modules and talks directly to the public OSV API.
