VSCan can detect malicious VSCode extensions

A free diagnostic tool called 'VSCan' has been released that analyzes the code of extensions published for Visual Studio Code (VSCode) and checks it for security issues.
VSCan | VSCode Extension Security Analyzer
Enter the extension's name or ID into VSCan and it will give you diagnostic results.

VSCan checks publicly available code and other materials for malware and spyware, exploitable vulnerabilities, supply chain risks inherited from dependencies, permission abuse that requests excessive access, and privacy concerns that may result in inappropriate data collection or transmission.
This allows you to check the safety of VSCode extensions, which may use important device permissions to operate, before using them.
Code analysis flags potential problems so a human can check the code to see what it is intended to do.
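
A manifest-level triage in the same spirit, as an added example that is not VSCan's code or method: it flags items in an extension's `package.json` for a human to follow up. The heuristics, the sample manifest and the function name `triage_manifest` are assumptions made here for illustration.

```python
import json

# Constructed sample manifest (package.json of a hypothetical extension).
SAMPLE_MANIFEST = json.loads("""
{
  "name": "example-helper",
  "publisher": "example-publisher",
  "activationEvents": ["*"],
  "capabilities": {"untrustedWorkspaces": {"supported": true}},
  "dependencies": {
    "left-utils": "*",
    "net-client": "git+https://example.invalid/net-client.git",
    "yaml-lite": "2.3.1"
  }
}
""")

# Assumed heuristics for illustration; they are not VSCan's rules.
LOOSE_VERSIONS = {"*", "latest", "x", ""}
NON_REGISTRY_PREFIXES = ("git+", "git:", "http://", "https://", "github:", "file:")


def triage_manifest(manifest):
    """Return (category, detail) findings for a human reviewer to follow up."""
    findings = []

    # "*" makes the extension activate whenever VS Code starts.
    if "*" in manifest.get("activationEvents", []):
        findings.append(("activation", "activates on every startup ('*')"))

    # Extension opts in to running fully in workspaces the user has not trusted.
    untrusted = manifest.get("capabilities", {}).get("untrustedWorkspaces", {})
    if untrusted.get("supported") is True:
        findings.append(("workspace-trust", "runs fully in untrusted workspaces"))

    # Dependency specs that do not pin what gets bundled at build time.
    for name, spec in sorted(manifest.get("dependencies", {}).items()):
        if spec.strip() in LOOSE_VERSIONS:
            findings.append(("supply-chain", f"{name}: unpinned version '{spec}'"))
        elif spec.startswith(NON_REGISTRY_PREFIXES):
            findings.append(("supply-chain", f"{name}: fetched from outside the registry"))

    return findings


if __name__ == "__main__":
    for category, detail in triage_manifest(SAMPLE_MANIFEST):
        print(f"[{category}] {detail}")
```

A finding here is not a verdict: a pinned, registry-hosted dependency can still be malicious, and a flagged manifest can belong to a legitimate extension.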

VSCan's scans are not perfect, and it may incorrectly flag code without fully understanding the developer's intent or specific use. The developers of VSCan say that they want you to use it only as a starting point for code review.
in Web Service, Posted by log1p_kr