Is 脚注大师 safe?

Findings

Unverified Publisher

Flags items published by entities that haven’t gone through the publisher verification process of the marketplace. Lack of verification may indicate higher risk, as the publisher’s identity and trustworthiness are unconfirmed.

medium

Impersonating Low Confidence

This item was found as likely to be impersonating another popular extensions on the marketplace.

medium

Unmaintained Item

Flags items that are not maintained on the marketplace, suggesting concerns about the item's reputation and the publisher's reliability.

low

All findings are available for Enterprise users

Code analysis

AI-powered analysis of the extension's source code for security insights and risk assessment.

This Javascript code defines a VS Code extension named "footnote-master" with the following features:

Configuration Management:

Retrieves Configuration: Gets extension-specific configurations from the user's VS Code settings (footnote-master.*).
Handles Configuration Changes: Listens for changes in the user's settings, particularly for superscriptData and listItemID. If these are not set, it provides default values ("footnote").
Stores Configuration: Saves updated configuration values to the user's global settings.

Commands:

footnote-master.generateSuperscript:
- Inserts a <sup> tag with a data attribute and placeholder for footnote numbers.
- If text is selected, uses it as the footnote number; otherwise, inserts a placeholder ($0) for manual input.
footnote-master.generateListItem:
- Transforms selected lines into list items (<li>) for footnotes.
- Extracts footnote numbers from the lines and uses them for id attributes.
- Handles blank lines and ensures proper closing </li> tags.
footnote-master.reorder:
- Prompts the user for:
  - The starting footnote number for reordering.
  - The reordering rule (positive for ascending, negative for descending).
- Updates footnote numbers in both superscript tags and list item IDs based on the provided rule.
- Informs the user about the reordering results.

Functionality:

The code uses regular expressions to identify and manipulate footnote-related patterns in the text.
It provides user input validation for the reordering parameters, ensuring they are integers.
It leverages the VS Code API for text editing, user interaction (input boxes, information messages), and accessing configurations.

Purpose:

This extension aims to simplify footnote management in VS Code by automating the process of:

Inserting superscript tags and list items.
Reordering footnote numbers according to user-defined rules.
Providing a configurable way to customize footnote markup.

API Calls

API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

API CALLS ARE AVAILABLE FOR ENTERPRISE USERS

Secrets

Any encoded/decoded secrets we managed to find in the source code, git repository, or related files

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

SECRETS ARE AVAILABLE FOR ENTERPRISE USERS

Vulnerabilities

Known vulnerabilities and security issues detected in the extension's dependencies and code.

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

VULNERABILITIES ARE AVAILABLE FOR ENTERPRISE USERS

External communication

Any identifiers we detected that may indicate external communication from the item's code

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

EXTERNAL COMMUNICATIONS ARE AVAILABLE FOR ENTERPRISE USERS

Dependencies

Dependencies and third-party libraries used by the extension, including version information and license details.

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

DEPENDENCIES ARE AVAILABLE FOR ENTERPRISE USERS

Licenses & Compliance

high

Enterprise Only

medium

Enterprise Only

low

Enterprise Only

LICENSES & COMPLIANCE ARE AVAILABLE FOR ENTERPRISE USERS