Settings
Every configuration key contributed by ShieldX. Edit them in Settings → Extensions → ShieldX, or in JSON via settings.json.
shieldx.autoScanOnStartup
- Type:
boolean - Default:
false(declared) - Effect: If enabled, ShieldX runs a full scan shortly after the extension activates.
- When to enable: Multi-user workstations, shared dev machines, or strict environments.
- Caveat: The activation path may opportunistically scan even when this is off, to populate the dashboard. Treat this setting as "always scan" rather than "only scan when true".
shieldx.warnOnHighRisk
- Type:
boolean - Default:
true - Effect: Shows a modal-style notification when the latest scan contains any extension at High or Critical level.
- When to disable: CI-attached editors, demos, or when you intentionally tolerate flagged extensions.
shieldx.minimumWarningLevel
- Type:
"moderate" | "high" | "critical" - Default:
"high" - Effect: Lowest risk level that produces a notification or dashboard warning state.
- Caveat: Does not affect what is scored or stored — only what surfaces.
shieldx.scanNodeModules
- Type:
boolean - Default:
false - Effect: Allows analyzers to recurse into
node_modulesinside an extension package. - Caveat: The current dependency analyzer reads declared dependencies primarily; enabling this is mostly relevant for the code-pattern analyzer. Expect longer scans.
shieldx.reportFormat
- Type:
"markdown" | "json" | "html" | "pdf" | "csv" | "sarif" - Default:
"markdown" - Effect: Default format pre-selected in export pickers.
shieldx.pdfBrowserPath
- Type:
string - Default:
""(empty — autodetect) - Effect: Explicit path to a Chrome/Chromium binary used to render PDF exports.
- Caveat: If empty and no browser is detected, PDF export falls back to HTML and shows a notice.
shieldx.enableOsvScan
- Type:
boolean - Default:
true - Effect: Enables OSV.dev vulnerability lookups for declared dependencies.
- Caveat: Requires outbound HTTPS to
api.osv.dev. Disable in air-gapped environments.
shieldx.maxHistoryItems
- Type:
integer - Default:
10 - Range:
5to100 - Effect: Caps how many completed scans ShieldX keeps in local history.
- Caveat: When limit is hit, ShieldX overwrites oldest entry first. Export important scans if you need long-term retention.