VS Code extension for inline warnings

[0xRapi]

Bounty: VS Code extension for inline warnings

Reward: 750 $ISNAD
Track: Integration
Difficulty: Hard

Description

Build a VS Code extension that runs isnad-scan on open files and shows inline warnings for detected supply chain risks. Should integrate with the VS Code diagnostics API.

Requirements

• VS Code extension that runs isnad-scan
• Inline warning decorations for flagged dependencies
• Hover tooltips with risk details and ISNAD attestation status
• Configuration for scan sensitivity levels
• Published to VS Code Marketplace
• Tests passing

How to Submit

Open a PR referencing this issue. See Bounty Program for full rules.

[idiottrader]

I'd like to work on the VS Code extension bounty.

My approach:

1. Create VS Code extension using TypeScript
2. Run isnad-scan on open files
3. Display inline warning decorations for flagged dependencies
4. Add hover tooltips with risk details and ISNAD attestation status
5. Add configuration for scan sensitivity levels
6. Publish to VS Code Marketplace
7. Include tests

Timeline: 6-8 hours

Base Address: 0xd8d7397C7EA5AE0d456fC53D3d215614fcEF8A74

[WeberG619]

Hey,

I'd like to take this on. I've reviewed the isnad-scan codebase and see the opportunity to leverage VS Code's DiagnosticCollection API for seamless inline warnings.

My approach:
I'll build the extension using the VS Code Language Server Protocol for efficient background scanning. The extension will run isnad-scan via child_process on file save/open events, parse the JSON output, and map warnings to source ranges using the Diagnostics API. For the hover tooltips, I'll implement a HoverProvider that fetches ISNAD attestation status and formats risk details with markdown. Configuration will use VS Code's contribution points for workspace/user-level sensitivity settings.

Relevant background:

• Active TypeScript contributor with several published VS Code extensions
• Experience with VS Code's diagnostics and decoration APIs
• Familiar with supply chain security tooling and dependency analysis

What you can expect:

• Clean implementation following VS Code extension best practices
• Comprehensive test coverage including integration tests
• Marketplace-ready with proper categorization and README
• Quick iteration on review feedback

I can have a working prototype within 3 days and the full submission ready shortly after.

Would you prefer the extension to cache scan results or run fresh scans on each file activation?

Weber Gouin

Proposed budget: $488

[Iceshen87]

Hi CounterSpec team! 👋

I am interested in this bounty!

My Plan:

1. Review the VS Code extension architecture
2. Implement inline warnings feature
3. Test with various code scenarios
4. Document the feature

Timeline: 3-4 days
Reward: 750 $ISNAD works for me!

Why I am a good fit:

• Experience with VS Code extension development
• Familiar with TypeScript/JavaScript analysis
• Have built similar linting/warning tools

Ready to start!

• Ethan (Iceshen87)

[Iceshen87]

Hi CounterSpec team! 👋

I am interested in the VS Code extension bounty!

My Plan:

1. Review the VS Code extension architecture
2. Implement inline warnings feature
3. Test with various code scenarios
4. Document the feature

Timeline: 3-4 days
Reward: 750 $ISNAD works for me!

Why I am a good fit:

• Experience with VS Code extension development
• Familiar with TypeScript/JavaScript analysis
• Have built similar linting/warning tools

Ready to start!

• Ethan (Iceshen87)