Settings

Every configuration key contributed by ShieldX. Edit them in Settings → Extensions → ShieldX, or in JSON via settings.json.

shieldx.autoScanOnStartup

  • Type: boolean
  • Default: false (declared)
  • Effect: If enabled, ShieldX runs a full scan shortly after the extension activates.
  • When to enable: Multi-user workstations, shared dev machines, or strict environments.
  • Caveat: The activation path may opportunistically scan even when this is off, to populate the dashboard. Treat this setting as "always scan" rather than "only scan when true".

shieldx.warnOnHighRisk

  • Type: boolean
  • Default: true
  • Effect: Shows a modal-style notification when the latest scan contains any extension at High or Critical level.
  • When to disable: CI-attached editors, demos, or when you intentionally tolerate flagged extensions.

shieldx.minimumWarningLevel

  • Type: "moderate" | "high" | "critical"
  • Default: "high"
  • Effect: Lowest risk level that produces a notification or dashboard warning state.
  • Caveat: Does not affect what is scored or stored — only what surfaces.

shieldx.scanNodeModules

  • Type: boolean
  • Default: false
  • Effect: Allows analyzers to recurse into node_modules inside an extension package.
  • Caveat: The current dependency analyzer reads declared dependencies primarily; enabling this is mostly relevant for the code-pattern analyzer. Expect longer scans.

shieldx.reportFormat

  • Type: "markdown" | "json" | "html" | "pdf" | "csv" | "sarif"
  • Default: "markdown"
  • Effect: Default format pre-selected in export pickers.

shieldx.pdfBrowserPath

  • Type: string
  • Default: "" (empty — autodetect)
  • Effect: Explicit path to a Chrome/Chromium binary used to render PDF exports.
  • Caveat: If empty and no browser is detected, PDF export falls back to HTML and shows a notice.

shieldx.enableOsvScan

  • Type: boolean
  • Default: true
  • Effect: Enables OSV.dev vulnerability lookups for declared dependencies.
  • Caveat: Requires outbound HTTPS to api.osv.dev. Disable in air-gapped environments.

shieldx.maxHistoryItems

  • Type: integer
  • Default: 10
  • Range: 5 to 100
  • Effect: Caps how many completed scans ShieldX keeps in local history.
  • Caveat: When the limit is hit, ShieldX overwrites the oldest entry first. Export important scans if you need long-term retention.
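
Because shieldx.enableOsvScan defaults to true, a misspelled key in settings.json leaves OSV lookups on. The check below is an added example, not ShieldX's own code: it validates an already-parsed settings object against the types, enums and range listed on this page. The function name, the airGapped option and the sample object are hypothetical.

```javascript
// Added example. Types, defaults and ranges are transcribed from this page.
const SHIELDX_SCHEMA = {
  "shieldx.autoScanOnStartup": { type: "boolean", default: false },
  "shieldx.warnOnHighRisk": { type: "boolean", default: true },
  "shieldx.minimumWarningLevel": { enum: ["moderate", "high", "critical"], default: "high" },
  "shieldx.scanNodeModules": { type: "boolean", default: false },
  "shieldx.reportFormat": { enum: ["markdown", "json", "html", "pdf", "csv", "sarif"], default: "markdown" },
  "shieldx.pdfBrowserPath": { type: "string", default: "" },
  "shieldx.enableOsvScan": { type: "boolean", default: true },
  "shieldx.maxHistoryItems": { type: "integer", min: 5, max: 100, default: 10 },
};

// Hypothetical helper: lists problems in an already-parsed settings object.
// Pass { airGapped: true } to also require that OSV lookups are switched off.
function checkShieldxSettings(settings, { airGapped = false } = {}) {
  const problems = [];
  for (const [key, value] of Object.entries(settings)) {
    if (!key.startsWith("shieldx.")) continue; // other extensions are out of scope
    const rule = SHIELDX_SCHEMA[key];
    if (!rule) {
      problems.push(`${key}: not a documented key`);
    } else if (rule.enum) {
      if (!rule.enum.includes(value)) problems.push(`${key}: expected one of ${rule.enum.join(", ")}`);
    } else if (rule.type === "integer") {
      if (!Number.isInteger(value) || value < rule.min || value > rule.max) {
        problems.push(`${key}: expected an integer from ${rule.min} to ${rule.max}`);
      }
    } else if (typeof value !== rule.type) {
      problems.push(`${key}: expected ${rule.type}`);
    }
  }
  // Default is true, so only an explicit, correctly spelled false disables lookups.
  if (airGapped && settings["shieldx.enableOsvScan"] !== false) {
    problems.push("shieldx.enableOsvScan: must be set to false (default is true; needs api.osv.dev)");
  }
  return problems;
}

// Constructed sample: the first key has a casing typo, the second is out of range.
const sample = {
  "shieldx.enableOSVScan": false,
  "shieldx.maxHistoryItems": 250,
  "shieldx.minimumWarningLevel": "critical",
  "editor.fontSize": 14,
};
for (const p of checkShieldxSettings(sample, { airGapped: true })) console.log(p);
```

The editor's settings.json may contain comments, so parse it with a JSONC-aware parser before passing the object in.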