v2.6 — 8 ecosystems · CVE detection · Pro available

Know what's vulnerable before your users do

Real-time CVE detection and outdated package alerts for Python, Node.js, Rust, Go, PHP, Ruby and Java projects — directly inside VS Code. Zero config. Free.


Security visibility, zero friction

ScanReq plugs into your existing workflow. Open a project and it just works.

Multi-Ecosystem Support

Scans Python, Node.js, Rust, Go, PHP, Ruby and Java (Maven & Gradle) automatically. 8 ecosystems, zero configuration.

CVE Detection

Queries OSV.dev for known vulnerabilities on exact versions (==). CVE IDs and descriptions inline.

Visual Results Panel

Color-coded table with version badges and security status. Red, orange, green — health at a glance.

Smart Insights

Contextual alerts at the bottom of each scan: critical CVE warnings, bulk update notices, actionable advice.

Auto-refresh

The panel updates automatically whenever you save any dependency file. No manual re-runs.

English & Spanish

UI language follows your VS Code language setting. More languages coming based on user demand.


Full coverage for every project

The free plan covers exact versions. Pro goes further — CVE scanning for all version specifiers, compatibility analysis, and AI-ready reports.

⚡ Pro
  • CVE detection for non-exact versions — coverage for >=, ~=, ranges and more
  • Cross-version compatibility analysis — find conflicts before they break your build
  • Safe update recommendations — know exactly which version to upgrade to
  • 🤖 AI prompt export — one click to copy a structured prompt for Claude, Copilot or Cursor
  • Priority support — direct access for fast issue resolution

An AI agent doing the same job costs ~$0.85 per scan in tokens. Pro pays for itself in 23 scans — which a working developer hits in a week.

$19

One-time · No subscription · 1 developer


Free vs Pro

Feature Free Pro
All 8 ecosystems (Python, Node.js, Rust, Go, PHP, Ruby, Java)
Registry version check (PyPI, npm, crates.io, Maven Central…)
CVE detection (exact versions)
Visual results panel
Smart insights
CVE detection for non-exact versions
Cross-version compatibility analysis
Safe update recommendations
🤖 AI prompt export
Priority support

Real projects, real results

Scanned against real open-source projects from GitHub — not hand-picked examples.

Node.js — axios 1.13.0 with 5 HIGH CVEs detected, major version jumps flagged

ScanReq panel showing a Node.js project with 77 outdated packages and 13 CVEs, including 5 HIGH severity CVEs on axios

Gradle — commons-io CVE detected inline with GHSA ID and severity

ScanReq panel showing a Gradle project with 4 outdated packages and 1 CVE on commons-io

Pro — Safe update plan with 3-phase migration table and compatibility analysis

ScanReq Pro compatibility analysis panel showing Phase 1 low-risk and Phase 2 medium-risk update recommendations

Install in seconds

From the VS Code Command Palette or directly from the terminal:

ext install trustdev.scanreq
