RiskVoid Security Linter

Real-time security analysis for AI-generated code. Catch vulnerabilities before they reach production.
RiskVoid detects security vulnerabilities commonly found in code generated by AI assistants like GitHub Copilot, Cursor, ChatGPT, and Claude.
Why RiskVoid?
AI coding assistants are powerful productivity tools, but they can introduce security vulnerabilities:
- SQL Injection - Unsanitized database queries
- Cross-Site Scripting (XSS) - Unescaped user input in HTML
- Command Injection - Shell commands with user data
- Hardcoded Secrets - API keys, passwords, tokens in code
- Weak Cryptography - MD5/SHA1 for passwords, weak random number generation
- Path Traversal - File access without validation
RiskVoid transforms "500 vulnerabilities found" into "5 critical issues requiring immediate attention" through intelligent prioritization based on business context.
Features
Real-Time Security Analysis
Get instant feedback as you write code. No need to run separate scans - security issues are highlighted the moment they're introduced.
- OWASP Top 10 vulnerability coverage
- Works with JavaScript, TypeScript, Python, and Java
- No configuration required - works out of the box
Smart Prioritization
Not all vulnerabilities are equal. RiskVoid understands your code's context:
- Automatically identifies critical code paths (authentication, payments, data handling)
- Calculates risk scores based on business impact
- Filters noise so you focus on what matters
Supply Chain Security
Monitor your dependencies for known vulnerabilities:
- Real-time CVE detection via OSV database
- Severity scores and fix recommendations
- Support for npm and pip packages
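To show what an OSV lookup for npm and pip dependencies needs as input, the following added example (not RiskVoid's code) builds a request body for OSV's `POST /v1/querybatch` endpoint from two constructed manifests. The page does not say which OSV endpoint RiskVoid calls, so that choice is an assumption, and the function names `npmPins`, `pipPins` and `buildOsvRequest` are hypothetical.

```javascript
// Constructed sample manifests (not from a real project).
const samplePackageJson = JSON.stringify({
  dependencies: { lodash: "4.17.20", express: "^4.18.2" },
  devDependencies: { jest: "29.7.0" },
});
const sampleRequirements = [
  "# constructed sample",
  "requests==2.31.0",
  "Flask>=2.0   # range, not a pin",
  "PyYAML == 6.0.1 ; python_version >= '3.8'",
  "-r other.txt",
].join("\n");

const EXACT = /^\d+(\.\d+)*([-+.][0-9A-Za-z.-]+)?$/;

// npm: keep exact versions only; ranges (^, ~, >=, *) need a lockfile to resolve.
function npmPins(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  const pinned = [], skipped = [];
  for (const [name, spec] of Object.entries(deps)) {
    if (EXACT.test(spec)) pinned.push({ ecosystem: "npm", name, version: spec });
    else skipped.push(`${name}@${spec}`);
  }
  return { pinned, skipped };
}

// pip: keep `name==version` lines only; drop comments and environment markers.
function pipPins(requirementsText) {
  const pinned = [], skipped = [];
  for (const raw of requirementsText.split(/\r?\n/)) {
    const line = raw.replace(/(^|\s)#.*$/, "").split(";")[0].trim();
    if (!line) continue;
    const m = line.match(/^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9A-Za-z.!+-]+)$/);
    if (m) pinned.push({ ecosystem: "PyPI", name: m[1], version: m[2] });
    else skipped.push(line);
  }
  return { pinned, skipped };
}

// Body for POST https://api.osv.dev/v1/querybatch: coordinates only, no source code.
function buildOsvRequest(packageJsonText, requirementsText) {
  const npm = npmPins(packageJsonText), pip = pipPins(requirementsText);
  const queries = [...npm.pinned, ...pip.pinned].map((p) => (
    { package: { name: p.name, ecosystem: p.ecosystem }, version: p.version }));
  return { body: { queries }, skipped: [...npm.skipped, ...pip.skipped] };
}

console.log(JSON.stringify(buildOsvRequest(samplePackageJson, sampleRequirements), null, 2));
```

Entries in `skipped` are unpinned or indirect requirements; a scanner that queries by exact version cannot check them without a lockfile, so they are worth reviewing rather than silently ignoring.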
Interactive Dashboard
Access your security posture at a glance:
- Real-time security score (0-100) in the status bar
- Comprehensive side panel with issue breakdown
- One-click navigation to vulnerable code
- Detailed explanations with remediation guidance
Supported Languages
| Language | Support Level |
| --- | --- |
| JavaScript | Full |
| TypeScript | Full |
| React (JSX/TSX) | Full |
| Python | Full |
| Java | Full |
Quick Start
Installation
- Open VSCode
- Go to Extensions (Ctrl+Shift+X / Cmd+Shift+X)
- Search for "RiskVoid Security Linter"
- Click Install
Usage
Once installed, RiskVoid automatically analyzes files when you open or save them. Security issues appear as:
- Red squiggles - Critical/High severity
- Yellow squiggles - Medium severity
- Blue squiggles - Low/Info severity
Commands
Access via Command Palette (Ctrl+Shift+P / Cmd+Shift+P):
| Command | Description |
| --- | --- |
| RiskVoid: Scan Current File | Immediate scan of active file |
| RiskVoid: Scan Workspace | Analyze all supported files |
| RiskVoid: Scan Dependencies | Check for CVEs in dependencies |
| RiskVoid: Show Security Report | Open the dashboard |
Configuration
Basic Settings
```json
{
  "riskvoid.enabled": true,
  "riskvoid.intelligence.enabled": true,
  "riskvoid.intelligence.contextualScoring": true
}
```
Criticality Configuration
Create a .riskvoid.yml file in your workspace root to customize priority paths:
```yaml
critical_paths:
  - src/payments
  - src/auth
  - src/api
low_priority_paths:
  - test
  - __tests__
  - fixtures
```
Privacy & Security
- 100% Local Analysis - All code scanning happens on your machine
- No Code Upload - Your source code never leaves your computer
- No Telemetry - We don't track you or collect analytics
Requirements
- VSCode 1.74.0 or higher
- Internet connection for initial setup and dependency scanning (OSV database)
Feedback & Support
Changelog
See CHANGELOG for version history.
License
This extension is proprietary software. See LICENSE for details.
Made with care by the RiskVoid team