Analyzing cross-langage dependencies in VSCode Ecosystem

SUPR uses JavaScript for certain functions. We cannot guarantee that you will be able to use the system with JavaScript disabled.

Dnr:

NAISS 2025/22-433

Type:

NAISS Small Compute

Principal Investigator:

Mohannad Alhanahnah

Affiliation:

Chalmers tekniska högskola

Start Date:

2025-05-01

End Date:

2026-05-01

Primary Classification:

10205: Software Engineering

Webpage:

Allocation

Tetralith at NSC: 20 x 1000 core-h/month

Abstract

This project aims to understand characteristics of direct and transitive dependencies in the VSCode ecosystem and understand the security vulnerabilities of these dependencies. We use static analysis to transitively identify dependencies of VSCode extensions. Then we will identify potential vulnerabilities that these dependencies impose.