This extension provides automatic reporting of security concerns from Socket Security. The features of this extension aim to provide guidance through all stages of development.
importandrequirein Javascript are detected and given summary scores to show concerns with configurable overlays. These overlays will persist even after package installation.
Workspaces are against Socket's reporting utilities upon detection of package.json files. Note these also run prior to actual installation as the presence in package.json is enough.
-
package.jsonfiles and packages listed within are detected and run against more thorough issue reporting to see exact issues. These are listed in the "Problems" tab for easy access. -
importandrequireof packages with issues found in reporting are provided hovers which also summarize their issues.
- Simplified github application installation is provided as a code lense inside of
package.jsonfiles by detecting the user/organization and setting up the installation workflow automatically with a simple click. These reports are more fully featured and include things such as transitive issue aggregation and diffing from one commit to another. If you want these features please install the github app.
If you are in charge of a team you may wish to setup this up as a recommended extension or other organization level settings. Please refer to our docs.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
