Visual Studio Code extension flags NPM vulnerabilities

Security developer Snyk has published a free extension for Visual Studio Code that finds vulnerabilities in packages.

Introduced April 2, the open source Snyk Vuln Cost extension serves as a security scanner, providing feedback inline as developers code. With 80 percent to 90 percent of code today being heavily dependent on open source packages, developers need to know what these packages do, Brian Vermeer, Vuln Cost project lead, said.

The Snyk Vuln Cost tool can also find vulnerabilities in JavaScript packages from well-known CDNs by scanning HTML files in your projects. Currently supported CDNs include:

  • unpkg.com
  • ajax.googleapis.com
  • cdn.jsdelivr.net
  • cdnjs.cloudflare.com
  • code.jquery.com
  • maxcdn.bootstrapcdn.com
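To make the CDN scanning concrete, here is an added example (not Snyk's code, and not how Vuln Cost is necessarily implemented) that maps `<script>` tags on the listed CDNs to a package name and version, the pair a vulnerability lookup needs. The function names and the sample HTML are constructed for illustration, and the URL patterns are assumptions based on each CDN's usual path layout.

```javascript
// Added example, not Snyk's code: list CDN-hosted packages referenced by an HTML file.
const npmStyle = (path) => {
  // "lodash@4.17.15/x.js", "@scope/pkg@1.0.0/x.js", or unversioned "lodash/x.js"
  const m = /^((?:@[^/@]+\/)?[^/@]+)(?:@([^/]+))?/.exec(path);
  return m ? { name: m[1], version: m[2] || null } : null;
};
const libsStyle = (path) => {
  // "/ajax/libs/<name>/<version>/<file>"
  const m = /^\/ajax\/libs\/([^/]+)\/([^/]+)\//.exec(path);
  return m ? { name: m[1], version: m[2] } : null;
};
const CDN_PARSERS = {
  __proto__: null, // no inherited keys, so odd hostnames cannot match Object members
  'unpkg.com': (p) => npmStyle(p.slice(1)),
  'cdn.jsdelivr.net': (p) => (p.startsWith('/npm/') ? npmStyle(p.slice(5)) : null),
  'cdnjs.cloudflare.com': libsStyle,
  'ajax.googleapis.com': libsStyle,
  'code.jquery.com': (p) => {
    const m = /^\/(jquery(?:-migrate)?)-(\d+(?:\.\d+)+)/.exec(p);
    return m ? { name: m[1], version: m[2] } : null;
  },
  'maxcdn.bootstrapcdn.com': (p) => {
    const m = /^\/([^/]+)\/(\d[^/]*)\//.exec(p);
    return m ? { name: m[1], version: m[2] } : null;
  },
};
function findCdnPackages(html) {
  const found = [];
  // Simplification: a regex over src attributes, not a full HTML parser.
  const scriptSrc = /<script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const [, src] of html.matchAll(scriptSrc)) {
    let url;
    try { url = new URL(src, 'https://local.invalid/'); } catch { continue; }
    const parse = CDN_PARSERS[url.hostname];
    const pkg = parse && parse(url.pathname);
    // version === null means the tag floats to whatever the CDN serves as latest.
    if (pkg) found.push({ host: url.hostname, ...pkg, pinned: pkg.version !== null });
  }
  return found;
}
// Constructed sample page.
const SAMPLE_HTML = `
<script src="https://code.jquery.com/jquery-3.4.1.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.15/lodash.min.js"></script>
<script src="https://unpkg.com/@babel/standalone/babel.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/vue@2.6.11/dist/vue.min.js"></script>
<script src="/static/app.js"></script>`;
console.log(findCdnPackages(SAMPLE_HTML));
```

Entries with `pinned: false` have no fixed version to look up, so their exposure changes whenever the CDN's latest release does.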

The extension is available from the . Users who connect Vuln Cost to a Snyk account get additional capabilities, including a vulnerability severity level, an overview of security issues in a project, and remediation advice.

Copyright © 2020 IDG Communications, Inc.