VSCan

VSCan: A Helpful Tool to Check VS Code Extensions for Security Issues

VSCan is a free tool that helps keep Visual Studio Code (VSCode) extensions safe. It checks extensions for possible problems before you install them. This is important because extensions often need access to your files, network, and login details.

What VSCan Can Do

n

1. Enter Extension Info: You can tell VSCan the name or ID of the extension you want to check.

n

2. Deep Check: VSCan looks at the extension's code, permissions, and other details. It checks for:

n

n
• Hidden viruses and tricky code
n
• Risky permissions and how the extension uses them
n
• Weak spots that could be exploited
n
• Dangerous connections to other networks
n
• Problems from other programs the extension uses
n
• Too many permissions that aren't needed
n
• Privacy issues that could collect or send your data without you knowing
n

n

3. Easy-to-Understand Results: VSCan gives you a simple report that explains any risks the extension might have.

n

4. Extra Safety: VSCan also has special safety features to stop extensions from doing bad things while they're running. This gives you another layer of protection.

n

Why VSCan is Important

Some extensions in the marketplace can be harmful. They might secretly hurt your device. VSCan helps you see if an extension is safe before you install it. This way, you can make a good choice.

Remember

VSCan gives you information but can't guarantee safety. It might miss some things or warn you about things that aren't actually dangerous. Always be careful, check what the extension can do, see who made it, and look at the code if you can. Use VSCan as one part of checking an extension.

What People Are Saying

The person who made VSCan wants you to try it and tell them what you think. VSCan has already helped people find many problems in extensions, showing that it works well.

Examples of What VSCan Found

From checking 1077 extensions, VSCan found:

n
• 3 extensions that VirusTotal said were bad
n
• 7 extensions making bad connections to other networks (VirusTotal agreed)
n
• 33 extensions with parts that had big problems
n
• 39 extensions that had secret info like passwords
n
• 204 extensions that didn't follow good rules for making programs (OSSF said so)
n
• 71 extensions that wanted too many permissions (this might not be bad, but it could be risky)
n

Final Thoughts

VSCan is great for anyone who uses VSCode extensions. It helps you see if an extension is safe to use. By using VSCan's checks and extra safety features, you can lower the risks of using extensions and keep your device safer.