Skip to main content

Troubleshooting

Quick fixes for the most common ShieldX issues.

The dashboard is empty after install

ShieldX waits for the first scan before populating the view. Click Scan now in the dashboard header, or run ShieldX: Scan installed extensions from the command palette. Enable shieldx.autoScanOnStartup to skip this step on future launches.

A scan never finishes

Network lookups dominate scan time. If OSV or npm endpoints are slow or unreachable:

  • Cancel from progress notification or dashboard header
  • Disable shieldx.enableOsvScan and re-run
  • Check your proxy / firewall allows api.osv.dev, registry.npmjs.org, and api.npmjs.org

PDF export silently produced an HTML file

ShieldX could not locate a Chrome-compatible browser. Either:

  • Install Chrome, Chromium, Edge, or Brave
  • Set shieldx.pdfBrowserPath to the binary path explicitly

The notice in the editor confirms the fallback.

Policy file changes are not taking effect

The policy is read per scan, not on file save. Re-run a scan after editing .shieldx.json. Also confirm:

  • The file lives at the root of the first workspace folder
  • JSON is valid
  • Extension IDs are exact, including the publisher prefix (publisher.name)

"Show current policy" says no policy file found

That command only shows existing policy content. Create .shieldx.json at workspace root first, then re-run command. Fastest starter file:

{
  "allowedExtensions": [],
  "blockedExtensions": [],
  "maxRiskLevel": "high"
}

"Sensitive workspace" warning keeps appearing

The warning fires when risky extensions coincide with secret-like files in the workspace. To stop it:

  • Resolve or accept the risky extensions
  • Move secrets to a location outside the workspace, or to a properly ignored path
  • Reduce shieldx.minimumWarningLevel tolerance if the heuristic is too eager

A trusted extension is flagged High

Trust signals do not cancel risk factors — they are reported side-by-side. Open the row and read the Risk factors list. If the signals are acceptable for your environment, add the extension to allowedExtensions to mark it compliant.

History is missing after reinstall

History is stored in the editor's extension global state, which is local to the install. Use Settings Sync to carry extension state across machines, or export important scans to JSON before reinstalling.

Nothing happens when I click "Open in Extensions"

The action opens the extension's marketplace page inside the editor. If your editor build runs with the marketplace disabled (some enterprise setups), the page will not render. Open the extension ID manually in the Extensions view instead.