jroxas44/Vscan

VScan — Architectural Intelligence & Security Scanner

High-Performance, Local-First Architectural Intelligence and Security Scanner for VS Code.


VScan is an advanced, privacy-first Architecture and Security Scanner designed for full-stack developers. Instead of uploading your proprietary source code to a slow, expensive cloud scanner, VScan runs 100% locally inside your editor.

It maps your codebase, detects hidden vulnerabilities, evaluates code health, and traces the "Blast Radius" of your changes in milliseconds.

🚀 Key Features

🛡️ Local-First Security Scanning (SAST)

  • AST-Based Heuristics: Instantly flags SQL Injections, Cross-Site Scripting (XSS), Command Execution risks, and hardcoded secrets within JavaScript and TypeScript codebases.
  • Privacy By Design: Your code never leaves your machine. No telemetry, no cloud uploads, no API keys required.
  • Lifecycle Tracking: Mark findings as False Positive, Accepted Risk, or Suppressed to keep your team's dashboard clean.

📦 Software Supply Chain Analysis (SCA)

  • Automatically scans your dependency manifests (package-lock.json, Cargo.lock, go.mod, requirements.txt).
  • Checks live against the Google Open Source Vulnerabilities (OSV) database to flag known CVEs and ReDoS risks within your transitive dependencies.
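
What a live OSV lookup for a package-lock.json involves, as an added example (not VScan's own code): it flattens the lockfile's direct and transitive installs into the request body for OSV's public `POST https://api.osv.dev/v1/querybatch` endpoint, so you can see that this body carries package names and versions only. The sample lockfile and all function names are constructed for illustration, and the lockfileVersion 2/3 `packages` layout is assumed.

```javascript
// Constructed sample lockfile (lockfileVersion 3 layout); not from a real project.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/express": { version: "4.17.1" },
    "node_modules/express/node_modules/qs": { version: "6.7.0" },
    "node_modules/qs": { version: "6.7.0" },
    "node_modules/@scope/util": { version: "2.0.0", dev: true },
    "node_modules/local-lib": { resolved: "../local-lib", link: true },
  },
});

// Package name = text after the last "node_modules/" segment of the path key,
// which keeps scoped names such as "@scope/util" and handles nested installs.
function packageNameFromPath(path) {
  const idx = path.lastIndexOf("node_modules/");
  return idx === -1 ? null : path.slice(idx + "node_modules/".length);
}

// Collect unique name@version pairs, transitive installs included. The root
// project ("") and symlinked local entries are skipped: not registry packages.
function extractPackages(lockText) {
  const lock = JSON.parse(lockText);
  if (!lock.packages) throw new Error("expected a lockfileVersion 2/3 'packages' map");
  const seen = new Map();
  for (const [path, meta] of Object.entries(lock.packages)) {
    const name = meta.name || packageNameFromPath(path); // meta.name is set for aliases
    if (path === "" || !name || meta.link || !meta.version) continue;
    seen.set(`${name}@${meta.version}`, { name, version: meta.version });
  }
  return [...seen.values()];
}

// Build the JSON body for OSV's /v1/querybatch: one query per name@version.
function buildOsvBatch(packages) {
  return {
    queries: packages.map(({ name, version }) => ({
      package: { name, ecosystem: "npm" },
      version,
    })),
  };
}

console.log(JSON.stringify(buildOsvBatch(extractPackages(SAMPLE_LOCK)), null, 2));
```

The nested and top-level copies of `qs@6.7.0` collapse into one query, which keeps the batch small on large lockfiles.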

🗺️ Next-Gen Architecture Mapping

  • Dependency Graph: Interactive D3.js force-directed graphs to visualize how your internal modules connect.
  • Blast Radius Analysis: Right-click any file to see exactly who imports it and what dependencies rely on it. Know instantly how many files you will break before you push a commit.
  • Flow & Tree: Aggregated cross-folder import trackers to help you maintain clean hexagonal or domain-driven architectures.

🩺 Code Health & Developer Hotspots

  • Metrics: Generates a universal Health Score (A-F), tracking Dead Functions, God Files, and High-Complexity bottlenecks.
  • Git Churn / Hotspots: Analyzes your Git commit history across ANY programming language to highlight the most volatile, refactoring-candidate files in your repo.
  • Reporting: 1-Click exports to JSON or Markdown for your organization's compliance auditors or CI/CD dashboards.

🛠️ Supported Ecosystems

Deep AST Security & Graph Mapping:

  • JavaScript, TypeScript, JSX, TSX, Node.js, React, Vue

Software Supply Chain (Vulnerability) Scanning:

  • npm / Node.js
  • crates.io / Rust
  • PyPI / Python
  • Go Modules

💻 Installation

  1. Open VS Code and go to the Extensions tab (Ctrl+Shift+X).
  2. Search for VScan - Architectural Intelligence.
  3. Click Install.
  4. Open any project, click the new V icon on your left-hand activity bar, and hit Scan Workspace.

🤝 Contributing & Open Source

VScan is proudly built as an Open Core project. Found a bug or want to parse a new language? We welcome all Pull Requests!


Built with ❤️ for developers who actually care about their architecture.
