Visual Studio Code Extension

Overview

DeepScan's extension for Visual Studio Code helps you to see bugs and quality issues on the fly in your Visual Studio Code.

• Report issues in Problems panel when you open or save a JavaScript/TypeScript file and save it. Supported extensions are *.js, *.jsx, *.mjs, *.ts, *.tsx, and *.vue.
• Highlight issues in the code.
• Show a rule description using a code action. When you click the light bulb of the issue, you can see the detailed description of the rule and grasp what's the problem.

You can browse it in the Visual Studio Code Marketplace and install from within Visual Studio Code.

It's free and open source.

Considerations

Yes, it's free but note that:

Free version transfers the code to the DeepScan server for inspection when you save your changes.

Although your code is completely deleted from the server right after the inspection, you should confirm that your code is transferred to the DeepScan server.

You can confirm it by pressing the Confirm button that appears when restarting VS Code after the installation.

If you want to analyze without DeepScan server, check here.

VS Code Access Token

An access token is required for using the VS Code extension.

To provide reliable and well-managed service at the extension, DeepScan server needs to know who is submitting the inspection requests.

In this process, we use the access token to identify users without requiring access to the actual user credentials.

The token is used only for analyzing files at the extension and does not grant access to any other functions of DeepScan service.

Creating Token

1. Sign up at DeepScan.
2. In the upper-right corner of dashboard, click your profile image, then select Account Settings.
3. Navigate to VS Code Access Token section.
4. Enter a name for the token.
5. Select an expiration date.
6. Click Generate button.

Registering Token at VS Code

1. Copy the generated token.
2. Open VS Code.
3. Open the Command Palette.
4. Select DeepScan: Configure Access Token command.
5. Paste the token in the input box appears and press Enter.

Security Recommendations

• Keep your token secure: Treat your VS Code access token like a password. Do not share it publicly or expose it in your code repositories.
• Use expiration dates: Setting an expiration date on a token adds security by limiting the amount of time the token is valid.
• Regenerate if compromised: If you believe your token has been compromised, immediately revoke it and generate a new one.

Options

You can configure options (enablement, server, ignored rules, ...) through user and workspace settings.

To see all the available options, refer to Settings Options.

Features

Disabling Rules with Inline Comments

While you can exclude project-wide rules via deepscan.ignoreRules option, you can also disable a rule in a file using inline comment.

const x = 0;
x = 1; x + 1; // deepscan-disable-line UNUSED_EXPR

By Ignore this line and Ignore this rule code actions, you can add an inline comment easier.

For detailed information, refer to Disabling rules.

Viewing Rule Information

For a detected issue, you can view the corresponding rule information such as severity, description, non-compliant and compliant examples.

When you click Show rule <rule name> code action menu in the line where the issue is detected, you can view the detailed information of the rule on the right side.

Embedded Mode

Our Visual Studio Code extension has the limitation for transferring the file to the DeepScan server and analyzing a file one by one.

DeepScan supports an embedded mode, which works standalone without the DeepScan server. It works with the local language server so you can:

• never worry about transferring the code outside.
• analyze a whole project rather than a file.

System Requirements

Installation

To run as the embedded mode, the following settings are required:

• Server Embedded: Enable: Controls whether DeepScan inspection should be executed via the embedded server rather than DeepScan server. (Restart required)
• Server Embedded: License: Configures the license for the embedded analysis.
• Server Embedded: Server Jar: Configures the JAR file for the embedded server. (Restart required)

To install, complete the above settings and restart VS Code.

To upgrade, change deepscan.serverEmbedded.serverJar to the path of a newer JAR file and restart VS Code.

Analysis Target

Inspect Project

{
    "deepscan.ignorePatterns": [
        "App.vue",
        "lib/"
    ]
}

ESLint Analysis

Run ESLint. You can see the ESLint alarms altogether with DeepScan's issues.

Node.js and eslint package are required in the local or global. Note that NODE_PATH environment variable is necessary to load the eslint module installed in global.

It directly uses the package so your custom configurations and plugins are applied as is.

The options are as follows:

• Server Embedded > Eslint: Enable: Controls whether ESLint analysis should be executed.
• Server Embedded > Eslint: Merge: Option for how identical issues of DeepScan and ESLint are merged. Default is deepscan.
  • deepscan: Show only DeepScan issue (e.g., BAD_TYPEOF_COMPARISON). Default.
  • eslint: Show only ESLint issue (e.g., valid-type-of)
  • both: Show all issues as is (e.g., BAD_TYPEOF_COMPARISON and valid-type-of)