Trident is a vulnerable-package scanner for Node.js that helps you automatically detect, fix, and block package vulnerabilities, keeping your software secure, reliable, and compliant.
- Map Vulnerabilities Before Attackers Do: Turn complex npm vulnerabilities into an interactive map—spot risks, trace their spread through dependencies, and know what to fix first.
- AI-Powered Insights: Plug in your own AI API key to get deep vulnerability analysis, CWE & GitHub advisory impacts, and a secure coding assistant that highlights actionable code diffs.
- Have a Node.js codebase ready. Judges only: download the TestCode test code (optional).
- Install the extension
- Expand 'Vulnerable Packages' view
- Run "Run Scanner"
- Start resolving vulnerabilities!
- Once your canvas has been generated, select the severities in the top-left corner to display the severity inspector panel
- Take a look at the panel, starting with the first package
- Within the remediation block for each package, copy the command to your clipboard and paste it into the terminal to resolve the package vulnerability
- Within the package list you can click 'View details' for a package to read more information on the vulnerabilities of that package
- If you entered your API key via the 'Trident | Add AI Insights' command (Command Palette, Shift+CMD+P), you receive AI-Powered Insights when you view package details, helping you better understand the vulnerabilities of that package
| Command | Description |
|---|---|
| Vulnerability Package Scanner | Generates your visual! |
| Trident Add AI Insights | Add your API Key |
Your API key is stored securely using VS Code Secret Storage.



