Analysis results: Snyk Open Source
Last updated
Last updated
Snyk Open Source analysis shows vulnerabilities in your code with every scan. The scan runs in the background and is enabled by default.
In the Problems tab of the Visual Studio Code results screen, you can see all vulnerabilities found in your project.
The editor window shows security vulnerabilities in open-source modules while you code in JavaScript, TypeScript, and HTML. Receive feedback in-line with your code, such as how many vulnerabilities a module that you are importing contains. The editor exposes only top-level dependency vulnerabilities; for the full list of vulnerabilities refer to the side panel.
You can find security vulnerabilities in the npm packages you import and see the known vulnerabilities in your imported npm packages as soon as you require them:
Code inline vulnerability counts are also shown in your package.json
file:
Find security vulnerabilities in your JavaScript packages from well-known CDNs (Content Delivery Networks). The extension scans any HTML files in your projects and displays vulnerability information about the modules you include from your favorite CDN.
Currently supported CDNs are:
unpkg.com
ajax.googleapis.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
maxcdn.bootstrapcdn.com
yastatic.net
ajax.aspnetcdn.com
You can navigate to the most severe vulnerability by triggering the provided code actions. This opens a vulnerability window to show more details:
The Open Source Security (OSS) vulnerability window shows information about the vulnerable module.
Links to external resources (CVE, CWE, Snyk Vulnerability DB) to explain the vulnerability in more detail
CVSS score and exploit maturity
Detailed path on how vulnerability is introduced to the system
Summary of the vulnerability together with the remediation advice to fix it