ScanReq
Real-time CVE detection and outdated package alerts for Python projects — directly inside VS Code. Zero config. Free.
Security visibility,
zero friction
ScanReq plugs into your existing workflow. Open a Python project and it just works.
Real-time PyPI Check
Compares every pinned version against the latest available on PyPI. Outdated packages surface instantly.
CVE Detection
Queries OSV.dev for known vulnerabilities on exact versions (==). CVE IDs and descriptions inline.
Visual Results Panel
Color-coded table with version badges and security status. Red, orange, green — health at a glance.
Smart Insights
Contextual alerts at the bottom of each scan: critical CVE warnings, bulk update notices, actionable advice.
Auto-refresh
The panel updates automatically whenever you save requirements.txt. No manual re-runs.
English & Spanish
UI language follows your VS Code language setting. More languages coming based on user demand.
Full coverage
for every project
The free plan covers exact versions. Pro goes further — CVE scanning for all version specifiers, compatibility analysis, and safe update recommendations.
- CVE detection for non-exact versions — coverage for
>=,~=, ranges and more - Cross-version compatibility analysis — find conflicts before they break your build
- Safe update recommendations — know exactly which version to upgrade to
- Priority support — direct access for fast issue resolution
Get notified at launch
Leave your email and we'll let you know the moment Pro is available — with an early-bird discount.
✓ You're on the list. We'll be in touch.
Free vs Pro
| Feature | Free | Pro |
|---|---|---|
| PyPI version check | ✓ | ✓ |
| CVE detection (exact versions) | ✓ | ✓ |
| Visual results panel | ✓ | ✓ |
| Smart insights | ✓ | ✓ |
| CVE detection for non-exact versions | — | Soon |
| Cross-version compatibility analysis | — | Soon |
| Safe update recommendations | — | Soon |
| Priority support | — | Soon |
Install in seconds
From the VS Code Command Palette or directly from the terminal:
ext install trustdev.scanreq