VS Code extension for inline warnings

[0xRapi]

Bounty: VS Code extension for inline warnings

Reward: 750 $ISNAD
Track: Integration
Difficulty: Hard

Description

Build a VS Code extension that runs isnad-scan on open files and shows inline warnings for detected supply chain risks. Should integrate with the VS Code diagnostics API.

Requirements

• VS Code extension that runs isnad-scan
• Inline warning decorations for flagged dependencies
• Hover tooltips with risk details and ISNAD attestation status
• Configuration for scan sensitivity levels
• Published to VS Code Marketplace
• Tests passing

How to Submit

Open a PR referencing this issue. See Bounty Program for full rules.

[idiottrader]

I'd like to work on the VS Code extension bounty.

My approach:

1. Create VS Code extension using TypeScript
2. Run isnad-scan on open files
3. Display inline warning decorations for flagged dependencies
4. Add hover tooltips with risk details and ISNAD attestation status
5. Add configuration for scan sensitivity levels
6. Publish to VS Code Marketplace
7. Include tests

Timeline: 6-8 hours

Base Address: 0xd8d7397C7EA5AE0d456fC53D3d215614fcEF8A74

[WeberG619]

Hey,

I'd like to take this on. I've reviewed the isnad-scan codebase and see the opportunity to leverage VS Code's DiagnosticCollection API for seamless inline warnings.

My approach:
I'll build the extension using the VS Code Language Server Protocol for efficient background scanning. The extension will run isnad-scan via child_process on file save/open events, parse the JSON output, and map warnings to source ranges using the Diagnostics API. For the hover tooltips, I'll implement a HoverProvider that fetches ISNAD attestation status and formats risk details with markdown. Configuration will use VS Code's contribution points for workspace/user-level sensitivity settings.

Relevant background:

• Active TypeScript contributor with several published VS Code extensions
• Experience with VS Code's diagnostics and decoration APIs
• Familiar with supply chain security tooling and dependency analysis

What you can expect:

• Clean implementation following VS Code extension best practices
• Comprehensive test coverage including integration tests
• Marketplace-ready with proper categorization and README
• Quick iteration on review feedback

I can have a working prototype within 3 days and the full submission ready shortly after.

Would you prefer the extension to cache scan results or run fresh scans on each file activation?

Weber Gouin

Proposed budget: $488

[Iceshen87]

Hi CounterSpec team! 👋

I am interested in this bounty!

My Plan:

1. Review the VS Code extension architecture
2. Implement inline warnings feature
3. Test with various code scenarios
4. Document the feature

Timeline: 3-4 days
Reward: 750 $ISNAD works for me!

Why I am a good fit:

• Experience with VS Code extension development
• Familiar with TypeScript/JavaScript analysis
• Have built similar linting/warning tools

Ready to start!

• Ethan (Iceshen87)

[Iceshen87]

Hi CounterSpec team! 👋

I am interested in the VS Code extension bounty!

My Plan:

1. Review the VS Code extension architecture
2. Implement inline warnings feature
3. Test with various code scenarios
4. Document the feature

Timeline: 3-4 days
Reward: 750 $ISNAD works for me!

Why I am a good fit:

• Experience with VS Code extension development
• Familiar with TypeScript/JavaScript analysis
• Have built similar linting/warning tools

Ready to start!

• Ethan (Iceshen87)

[chengyixu]

Proposal: VS Code Extension for Inline Warnings

Approach:

I'd like to build a VS Code extension that surfaces isnad scanner findings as inline diagnostics in the editor.

Implementation plan:

1. Extension scaffold - Create a VS Code extension using the yo code generator with TypeScript
2. Diagnostic provider - Implement a DiagnosticCollection that runs isnad scans on file save/open and maps findings to VS Code diagnostic severity levels (Warning, Error, Info)
3. Inline decorations - Show warning indicators in the gutter alongside affected lines, with hover tooltips explaining the detected pattern
4. Quick fixes - Where applicable, provide CodeAction suggestions for common remediation patterns
5. Configuration - Add extension settings for scan sensitivity, ignored patterns, and custom rule paths
6. Status bar - Show scan status and finding count in the VS Code status bar

Technical details:

• Use the VS Code Extension API (vscode.languages.registerCodeActionsProvider, vscode.DiagnosticCollection)
• Run isnad as a child process or import it as a library
• Support workspace-level .isnadrc configuration

Timeline: Can deliver within 48-72 hours.

Experienced with VS Code extension development, TypeScript, and security tooling.

[cybercraftsolutionsllc]

Submitted PR #77 for this bounty: #77

Wallet route for bounty payout: 0xB34D185318b34ec2F9E060F662Cc7feA3180049c