Know what your extensions are really doing.

AI-powered security analysis for VS Code, Chrome, Firefox, and IDE extensions.

0+ scansAI-poweredFree to use

Built by a security researcher trusted by

AppleAmazonPayPalNASAJohn Deere

HOW IT WORKS

From extension ID to security report in seconds

01

Submit

Paste any extension ID or marketplace URL in the analyzer widget.

ID / URL Input

02

Analyze

ExtLens parses source code, permissions, dependencies, and behavioral signals.

AI + Static Scanning

03

Review

Get a report with risk score, findings, and remediation guidance in seconds.

Findings Dashboard

CAPABILITIES

Everything you need to secure your extension supply chain

Static Code Analysis

Deep inspection for obfuscation, risky eval usage, remote fetch paths, and sensitive APIs.

AI-Powered Detection

Model-assisted threat assessment to catch subtle behavior patterns in extension logic.

Permission Mapping

See exactly what each extension can read, write, and execute across your environment.

Supply Chain Risk

Dependency-level checks with CVE and advisory references for direct and indirect packages.

Real-time Monitoring

Agent telemetry tracks installs, updates, and removals across teams and machines.

Policy Enforcement

Block high-risk extensions with approvals and audit trails for controlled exceptions.

Analyzing extensions across 12+ platforms

VS Codevscode
Chromechrome
Firefoxfirefox
Edgeedge
Bravebrave
Cursorcursor
Windsurfwindsurf
JetBrainsjetbrains
sublimesublime
zedzed
Arcarc
Antigravityantigravity

ENTERPRISE

Extension security across your entire organization

Deploy the ExtLens Agent to monitor every extension install, enforce policies, and maintain complete audit trails with zero employee friction.

Real-time monitoring across all machines and platforms

Policy enforcement for risky extension installs

Zero-touch deployment with pre-configured installer packages

Approval workflows for blocked extension access requests

Explore the Agent Dashboard →

SEE IT IN ACTION

Real analysis, real results

VS Code

Example Extension

publisher.example

Risk 78/100
3 Critical2 High1 Medium4 Low
Remote script execution path detectedcritical
Overbroad host permission wildcardhigh
Unpinned dependency in update workflowmedium
View Full Report →

Start analyzing your extensions

Free for individual use. No credit card required.

Get Started →Read the documentation

No credit card · Free for individuals · API access available