# IDE Extensions
The **IDE Extensions** page provides an organization-wide view of all IDE extensions/plugins detected on developer machines.
A summary at the top of the page shows the total number of unique extensions detected across active devices (for example, `Total 644 unique extensions across 19 active devices`).
Below the summary, IDE filter chips let you scope the list to a single IDE. Each chip shows the number of unique extensions detected for that IDE.
From this page, you can see:
* A list of all IDE extensions and plugins in use across your fleet
* The IDE each item belongs to
* Whether the item is an **Extension** (VS Code-style) or a **Plugin** (JetBrains-style)
* Whether it was **User installed** or shipped as part of the IDE
* A security score for each extension, rendered as a color-coded bar
* Compromised and typosquatted extensions (typosquatted extensions are deceptive IDE extensions that mimic legitimate ones with slightly altered names to trick developers into installing them)
#### Filters
The page supports the following filters:
* **Search by extension name**: free-text search across all detected items
* **Risk Type**: filter to surface known-risky items. Available values are `Compromised` and `Typosquat`.
* **All kinds**: filter by item kind (`Extension` or `Plugin`)
* **IDE chips**: scope to a single IDE
### Supported IDEs
Dev Machine Guard detects extensions installed in the following IDEs on Windows, macOS, and Linux:
* **Visual Studio Code**
* **Cursor**
* **JetBrains IDEs** (IntelliJ IDEA, PyCharm, GoLand)
* **Android Studio**
* **Eclipse-based IDEs**
* **Windsurf**
* **Xcode**
You can filter the IDE Extensions page by IDE to focus on a specific development environment.
### Extension Details
Selecting an IDE extension opens a detailed view with information about its usage and security posture.
#### Devices Using This Extension
This section shows:
* All devices where the extension is installed
* The version of the extension installed on each device
This helps you understand the spread of an extension across your organization and identify where remediation may be required.
### Extension Security Score
Each IDE extension is assigned a security score based on multiple supply chain signals.
The security score provides visibility into factors such as:
* Install base and adoption
* Release recency
* Publisher verification status
* License availability
* Known vulnerabilities
* Repository security posture (for example, branch protection and security policy presence)
This information helps you understand *why* an extension has its assigned score and supports decisions about whether it should continue to be used within your organization.
### Upcoming Capabilities
The following capabilities are currently under development:
* **Extension allowlists** to define which IDE extensions are permitted across your organization
* **Cooldown periods for new extension versions**, preventing newly released updates from being used until they have been evaluated
These controls will help reduce exposure to malicious or compromised extension updates while maintaining developer productivity.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.stepsecurity.io/developer-machines/ide-extensions.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.