Ctrlk
PricingInstall StepSecurity AppLogin

IDE Extensions

The IDE Extensions page provides an organization-wide view of all IDE extensions/plugins detected on developer machines.

A summary at the top of the page shows the total number of unique extensions detected across active devices (for example, Total 644 unique extensions across 19 active devices).

Below the summary, IDE filter chips let you scope the list to a single IDE. Each chip shows the number of unique extensions detected for that IDE.

From this page, you can see:

  • A list of all IDE extensions and plugins in use across your fleet

  • The IDE each item belongs to

  • Whether the item is an Extension (VS Code-style) or a Plugin (JetBrains-style)

  • Whether it was User installed or shipped as part of the IDE

  • A security score for each extension, rendered as a color-coded bar

  • Compromised and typosquatted extensions (typosquatted extensions are deceptive IDE extensions that mimic legitimate ones with slightly altered names to trick developers into installing them)

Filters

The page supports the following filters:

  • Search by extension name: free-text search across all detected items

  • Risk Type: filter to surface known-risky items. Available values are Compromised and Typosquat.

  • All kinds: filter by item kind (Extension or Plugin)

  • IDE chips: scope to a single IDE

Supported IDEs

Dev Machine Guard detects extensions installed in the following IDEs on Windows, macOS, and Linux:

  • Visual Studio Code

  • Cursor

  • Windsurf

  • Antigravity

  • JetBrains IDEs (IntelliJ IDEA, PyCharm, GoLand, WebStorm, RubyMine, CLion, Rider, PhpStorm, DataGrip, RustRover, Aqua, DataSpell, AppCode)

  • Android Studio

  • Eclipse-based IDEs

  • Xcode

You can filter the IDE Extensions page by IDE to focus on a specific development environment.

Extension Details

Selecting an IDE extension opens a detailed view with information about its usage and security posture.

Devices Using This Extension

This section shows:

  • All devices where the extension is installed

  • The version of the extension installed on each device

This helps you understand the spread of an extension across your organization and identify where remediation may be required.

Extension Security Score

Each IDE extension is assigned a security score based on multiple supply chain signals.

The security score provides visibility into factors such as:

  • Install base and adoption

  • Release recency

  • Publisher verification status

  • License availability

  • Known vulnerabilities

  • Repository security posture (for example, branch protection and security policy presence)

This information helps you understand why an extension has its assigned score and supports decisions about whether it should continue to be used within your organization.

Upcoming Capabilities

The following capabilities are currently under development:

  • Extension allowlists to define which IDE extensions are permitted across your organization

  • Cooldown periods for new extension versions, preventing newly released updates from being used until they have been evaluated

These controls will help reduce exposure to malicious or compromised extension updates while maintaining developer productivity.

PreviousDevicesNextAI Agents

Last updated

Was this helpful?