Visual Studio Code extension flags NPM vulnerabilities

Security developer Snyk has released a free extension for Microsoft's popular Visual Studio Code editor that finds vulnerabilities in NPM packages.

Introduced April 2, the open source Snyk Vuln Cost extension serves as a security scanner, providing feedback inline as developers code. With 80 percent to 90 percent of code these days being heavily dependent on open source packages, developers need to know what these packages do, Brian Vermeer, Vuln Cost project lead, said.

The Snyk Vuln Cost tool can also find vulnerabilities in JavaScript packages from well-known CDNs by scanning HTML files in your projects. Currently supported CDNs include:

  • unpkg.com
  • ajax.googleapis.com
  • cdn.jsdelivr.net
  • cdnjs.cloudflare.com
  • code.jquery.com
  • maxcdn.bootstrapcdn.com
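
The inventory step behind this kind of scan can be sketched as follows. This is an added example, not Snyk's code: it pulls script URLs out of an HTML string and derives package name and version from the path layout of each listed CDN, giving a list that can then be checked against a vulnerability database. The path layouts, the function name `findCdnPackages` and the sample page are assumptions constructed for illustration.

```javascript
// Path layout per CDN host (assumed from each CDN's usual URL scheme).
const CDN_RULES = new Map([
  ['unpkg.com', /^\/((?:@[^/]+\/)?[^/@]+)@([^/]+)/],              // /pkg@1.2.3/file
  ['cdn.jsdelivr.net', /^\/npm\/((?:@[^/]+\/)?[^/@]+)@([^/]+)/],  // /npm/pkg@1.2.3/file
  ['cdnjs.cloudflare.com', /^\/ajax\/libs\/([^/]+)\/([^/]+)\//],  // /ajax/libs/name/1.2.3/file
  ['ajax.googleapis.com', /^\/ajax\/libs\/([^/]+)\/([^/]+)\//],
  ['maxcdn.bootstrapcdn.com', /^\/([^/]+)\/([^/]+)\//],           // /name/1.2.3/file
  ['code.jquery.com', /^\/([a-z-]+?)-(\d+\.\d+(?:\.\d+)?)[.-]/],  // /jquery-1.2.3.min.js
]);

// Returns one record per <script src> that points at a listed CDN.
// Regex-based tag matching is a simplification; a real scanner would parse the HTML.
function findCdnPackages(html) {
  const found = [];
  const scriptSrc = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const [, src] of html.matchAll(scriptSrc)) {
    let url;
    try {
      // Relative and protocol-relative (//host/path) values resolve against this base.
      url = new URL(src, 'https://local.invalid/');
    } catch {
      continue; // unparsable src attribute
    }
    const rule = CDN_RULES.get(url.hostname);
    if (!rule) continue; // local file or a host outside the list
    const m = rule.exec(url.pathname);
    // URLs that do not match the layout (for example an unpinned reference)
    // are still reported, with name and version left null for manual review.
    found.push({ cdn: url.hostname, name: m ? m[1] : null, version: m ? m[2] : null, src });
  }
  return found;
}

// Constructed sample page; the versions are illustrative values only.
const SAMPLE_HTML = `
<script src="https://unpkg.com/@babel/standalone@7.9.0/babel.min.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/lodash@4.17.15/lodash.min.js"></script>
<script src="https://code.jquery.com/jquery-migrate-3.1.0.min.js"></script>
<script src="https://unpkg.com/react/umd/react.production.min.js"></script>
<script src="js/app.js"></script>`;

console.log(findCdnPackages(SAMPLE_HTML));
```

Entries that come back with a null version are worth attention on their own, since an unpinned CDN reference can change underneath the page without any edit to the project.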

The extension is available from the Visual Studio Marketplace. Users who connect Vuln Cost to a Snyk account get additional capabilities, such as a vulnerability severity count, an overview of security issues in a project, and remediation guidance.

Copyright © 2020 IDG Communications, Inc.