Git Keizu for Visual Studio Code
View your Git history as a graph, and do common Git actions directly from it

A fork of neo-git-graph by asispts, which is itself a fork of Git Graph by mhutchie, based on commit 4af8583 (May 9, 2019) — the last version released under the MIT license.
Features
- Graph View: See all your branches, tags, and uncommitted changes in one visual graph
- Commit Details: Click on a commit to see what changed, view diffs for any file
- Branch Actions: Right-click to create, checkout, delete, rename, or merge branches
- Tag Actions: Add, delete, and push tags directly from the graph
- Commit Actions: Checkout, cherry-pick, revert, or reset to any commit
- Avatar Support: Optionally fetch commit author avatars from GitHub, GitLab, or Gravatar
- Multi-Repository: Support for multiple Git repositories in one workspace
- Configurable: Customize graph colors, style, date format, and more
Improvements over neo-git-graph
Combined branch/remote labels
Local and remote branches that point to the same commit are now merged into a single pill label.
Before: [main] [origin/main]
After: [main | origin]
The remote name appears in italics after a separator. Right-clicking either part of the pill opens the appropriate context menu (local branch actions or remote branch actions). Double-clicking the remote part opens the checkout dialog.
Security hardening
Git Keizu has undergone a full security audit and remediation (27 issues fixed):
- Shell injection eliminated — all git commands use
child_process.spawn() exclusively; exec() has been removed entirely
- Git binary validation — the configured
git.path is validated to be an absolute path pointing to a git executable, preventing arbitrary command execution via a malicious .vscode/settings.json
- Commit hash validation — every operation that accepts a commit hash validates the format before passing it to git
- Repository path validation — all messages from the webview are checked against the registered repository list, preventing commands from running against arbitrary directories
- Path traversal prevention — file path arguments are checked for
.. sequences
- SSRF protection — avatar fetch requests are restricted to an allowlist of known domains (GitHub, GitLab, Gravatar)
- XSS fixes — commit parent hashes, avatar data URIs, and other dynamic values are properly HTML-escaped before insertion into the webview
Installation
Search for git-keizu in the Extensions panel.
Contributing & Support
Bug reports and feedback via GitHub Issues are welcome. This is a personal project maintained in spare time — responses and fixes are not guaranteed, but reports are appreciated.
License
MIT — see LICENSE.
Not affiliated with or endorsed by the original Git Graph or neo-git-graph projects.