Guide to Socket for VS Code

The Socket VS Code Extension is available in the VS Code extension marketplace and OpenVSX registry.


Settings

The extension ships with several settings, which you can change in your editor preferences under the "Extensions" tab, in the "Socket Security" section.

These settings control which issues are shown and can disable reports entirely if you want to work in a zero-network configuration. Note that disabling reports also disables the analysis that depends on the Socket API (see Limitations below).

Team Management

To prompt every team member to install the extension, add it as a Workspace Recommended Extension in the .vscode/extensions.json file at the workspace root:

{
  "recommendations": [
    "SocketSecurity.vscode-socket-security"
  ]
}

Limitations

Reports on package manifest files require an internet connection, because the analysis is performed by the Socket API. Some analyses, such as bin confusion (where two packages provide an executable of the same name), cannot be done from a reference to a single dependency; they need the whole dependency set.

The extension works only on local files and does not apply organization-level settings the way the GitHub App does. This will likely change in the future.

The extension analyzes only the current files on disk, not historical data. If you need historical diffing or other tracking features, use the GitHub App.

Auth and Permissions

The extension will use an API key to create tokens if configured to do so; however, it also functions without an API key. It tries to use the same configuration that the Socket CLI stores on disk. Following least privilege, give the extension a key with no more than the scopes it needs. The API keys used by the extension require the following scopes:

  • report:read
  • report:write