snyk / vulncost

Find security vulnerabilities in open source npm packages while you code
https://marketplace.visualstudio.com/items?itemName=snyk-security.vscode-vuln-cost
MIT License
202 stars 35 forks

Don't scan in git diff views #28

Open st-schneider opened 4 years ago

st-schneider commented 4 years ago

Currently it seems to run whenever it sees an import. That also includes read-only diff views, and also both sides; that seems highly unnecessary since, depending on the commit you are looking at, none of the code exists anymore.

bmvermeer commented 4 years ago

Hi @bm-stschneider, thanks for your comment. Currently, it scans when you open a JavaScript, TypeScript, or HTML file and your package.json file. Can you please elaborate on this issue and how to reproduce it, and we can look at whether we can make VSCode exclude this view from scanning?

st-schneider commented 4 years ago

Just open a JavaScript file from GitLens from a previous commit or from a comparison of branches, and the scan will go off in the diff view of that commit.