Repo Does not Exist
Flags items that have claimed to be open-source but the repository does not exist.
medium
Findings
Snippet Running Code
Flags Snippet type extensions that run code on the user's machine. Snippet should be static JSON files and not execute any code.
medium
Unverified Publisher
Flags items published by entities that haven’t gone through the publisher verification process of the marketplace. Lack of verification may indicate higher risk, as the publisher’s identity and trustworthiness are unconfirmed.
medium
All findings are available for Enterprise users
Code analysis
AI-powered analysis of the extension's source code for security insights and risk assessment.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
CODE INSIGHTS ARE AVAILABLE FOR ENTERPRISE USERS
API Calls
API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
API CALLS ARE AVAILABLE FOR ENTERPRISE USERS
Secrets
Any encoded/decoded secrets we managed to find in the source code, git repository, or related files
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
SECRETS ARE AVAILABLE FOR ENTERPRISE USERS
Vulnerabilities
Known vulnerabilities and security issues detected in the extension's dependencies and code.
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
VULNERABILITIES ARE AVAILABLE FOR ENTERPRISE USERS
External communication
Any identifiers we detected that may indicate external communication from the item's code
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
EXTERNAL COMMUNICATIONS ARE AVAILABLE FOR ENTERPRISE USERS
Dependencies
Dependencies and third-party libraries used by the extension, including version information and license details.
@types/glob
Version:
Unknown
@types/mocha
Version:
Unknown
@types/node
Version:
Unknown
All dependencies are available for Enterprise users
Licenses & Compliance
high
Enterprise Only
Enterprise Only
Enterprise Only
medium
Enterprise Only
Enterprise Only
Enterprise Only
low
Enterprise Only
Enterprise Only
Enterprise Only
LICENSES & COMPLIANCE ARE AVAILABLE FOR ENTERPRISE USERS