Black Mamba VS Code Extension

Scan Python requirements.txt files for CVE vulnerabilities with AI-powered breaking change analysis.

Features

• Inline vulnerability decorations - see CVE counts per package with hover details and osv.dev links
• File explorer badge - files with vulnerabilities are marked with a warning icon
• One-click upgrades - upgrade individual or all vulnerable packages via PyPI
• Full workflow - upgrade packages, run tests in isolated venv, AI-powered breaking change analysis, auto-apply fixes, re-run tests
• HTML security report - auto-generated report with CVE findings, breaking changes, and test results
• Multi-model AI - works with GitHub Copilot, Anthropic Claude, and OpenAI via VS Code Language Model API
• Cross-file consistency check - detect conflicting package versions across multiple requirements files

How it works

When you open a requirements file, the extension:

1. Parses all packages and their pinned versions
2. Queries OSV.dev for known CVE vulnerabilities (batched, cached)
3. Shows inline decorations with CVE details
4. Offers code actions to upgrade vulnerable packages

Commands

• Black Mamba: Scan Requirements for Vulnerabilities - scan all requirements files in the workspace
• Black Mamba: Clear Vulnerability Cache - reset cached CVE data
• Black Mamba: Select AI Model - choose preferred AI model for analysis
• Black Mamba: Check Version Consistency Across Requirements Files - detect conflicting versions

Configuration

Requirements

• Python 3.x (uses the interpreter selected in the VS Code Python extension)
• VS Code 1.99.0 or later
• Python extension (ms-python.python) - declared as a dependency

Dev quickstart

cd black-mamba-vscode
npm ci
npm run compile
npm test
npm run bundle

Press F5 to launch an Extension Development Host.

Packaging (VSIX)

npx vsce package