⚠️ Why this matters
Multiple supply chain attacks have hit VS Code and Cursor extension marketplaces. Malicious extensions impersonating popular tools have stolen API keys, source code, and SSH credentials from thousands of developers. The marketplaces don't audit code — you have to.
🔑 Credential Theft
Detects code that reads .ssh keys, .npmrc, .gitconfig, and AWS credentials.
📤 Data Exfiltration
Finds network calls that send your code or files to external servers.
🔗 Supply Chain Attacks
Detects typosquatting, dependency confusion, and post-install scripts.