DependencyAudit — Vulnerabilities on Your Import Lines

npm audit is a separate command nobody remembers to run. DependencyAudit surfaces vulnerabilities on the import line, while you code.

Free

• High/critical CVE badges on import statements
• Safe-version hint + CVE details on hover
• Vulnerability summary panel

Pro

• License compliance — flags GPL/AGPL/copyleft in your dependencies
• Transitive scanning across the entire lockfile
• Pre-commit critical-vulnerability check

Vulnerability data comes from OSV.dev (queried live; nothing is sent except package names + versions). Resolves installed versions from package-lock.json.

Get a Pro key at marketplace.dashovia.com/extensions/dependency-audit.