VSCode extension · real-time

Vulnerabilities, flagged as you type.

The XYZ Vulnerability Scanner reads your dependency manifests the moment you edit them and underlines the risky lines before anything is ever installed. It works across Java, JavaScript (npm), Python, Go and .NET (NuGet), and is powered by the same supply-chain brain that gates the proxy, now inside your editor.

VS Code · JavaScript / npm · Python / PyPI · Go · .NET / NuGet · Java
15 "axios": "1.14.1" ⛔ blocked
axios@1.14.1 Block
94/100 XYZ risk · critical
  • threat: Supply-chain attack · MAL-2025-1142
  • known exploit: Yes · weaponized
  • CVEs: CVE-2025-30172 +2
  • downloads: 48M / week
  • dependents: 12,400 packages
  • campaign: Shai-Hulud cluster
via the XYZ decision brain · ~80 ms verdict

fig. 01 · hover a flagged dependency

What it does

The verdict, inline, where you write code.

Same diagnostics in the editor and the terminal: the extension flags risky dependencies on every save, and the xyz CLI gives the identical verdict, terminal-native. One brain, two surfaces.

5 ecosystems: Java · JavaScript / npm · Python / PyPI · Go · .NET / NuGet
fig. 02 / inline diagnostics on every dependency
package.json · my-app
Inline vulnerability warnings on package.json dependencies in the XYZ VSCode extension

Hover for the full story

One hover. The entire risk profile.

Hover a flagged dependency and the extension surfaces the XYZ score, severity, CVEs, exploit status and any active campaign, all from the same brain that gates the proxy.

package.json · my-app
XYZ hover card showing risk score, severity, CVEs and exploit status for a flagged dependency in VSCode

fig. 03 · hover card (live in the editor)

Severity at a glance

Color tells you how fast to move.

  • Critical: block · do not install
  • High: quarantine · review now
  • Medium: alert · plan a fix
  • Low: informational

Get started

Installed in under a minute.

1. Install the extension

Open Extensions (⌘⇧X) and search "XYZ Vulnerability Scanner", or install from the Marketplace.

2. Add your API key

Run XYZ: Configure API Key from the command palette. Grab a free key at app.cyberxyz.io.

>XYZ: Configure API Key
3. Open a project

Open any repo with a package.json. Scanning starts automatically, and results show inline and in the status bar.

// the ask

Catch it in the editor, not in production.

See the extension and the full platform in a 15-minute walkthrough. We'll wire it into your team's editors and CI.

  • Free API key
  • Java · JS · Python · Go · .NET
  • Same brain as the proxy
