Top issues
Detected presence of software components distributed with copyleft licenses.
Causes risk: copyleft licensed components
licenses
Problem
Software license is a legal instrument that governs the use and distribution of software source code and its binary representation. Software publishers have the freedom to choose any commonly used or purposefully written license to publish their work under. While some licenses are liberal and allow almost any kind of distribution, with or without code modification, other licenses are more restrictive and impose rules for their inclusion in other software projects. Copyleft licenses in particular impose substantial restrictions on the licensee. They typically require that any derived works, and even software code that merely interacts with copyleft code, be licensed under the same license. Since copyleft licenses are commonly applied to open source code, their inclusion requires that the entire software package becomes open sourced. For commercial applications, this is typically undesirable. Therefore, the inclusion of copyleft code is commonly avoided or even prohibited by the organization policy.Prevalence in Visual Studio Code community
No prevalence information at this timeNext steps
Confirm that the software package includes a copyleft component.
Investigate if the software publisher provides this component under a non-copyleft license.
Consider replacing the software component with an alternative that offers a license compatible with commercial use.
Detected presence of licenses that place restrictions on software distribution.
Causes risk: software distribution restrictions
licenses
Problem
Software license is a legal instrument that governs the use and distribution of software source code and its binary representation. Software publishers have the freedom to choose any commonly used or purposefully written license to publish their work under. While some licenses are liberal and allow almost any kind of distribution, with or without code modification, other licenses are more restrictive and impose rules for their inclusion in other software projects. Some software licenses place restrictions on software distribution of the code they apply to. These restrictions may extend to the services built upon the code licensed under such restrictive licenses. Some restrictive licenses explicitly state that the licensee may not provide the software to third parties as a hosted or managed service, where the service provides users with access to any substantial set of the features or functionality of the licensed software. When building commercial applications, this is typically undesirable. Therefore, the inclusion of any code that may impose limits on software distribution is commonly avoided or even prohibited by the organization policy.Prevalence in Visual Studio Code community
No prevalence information at this timeNext steps
Confirm that the software package references a component or a dependency with a restrictive license.
Consider replacing the software component with an alternative that offers a license compatible with organization policy.
Top behaviors
Executes files during installation or upon launch.
execution
Prevalence in Visual Studio Code community
No behavior prevalence information at this timeMight monitor keystrokes.
steal
Prevalence in Visual Studio Code community
No behavior prevalence information at this timeThe VS Code extension has an activation function that executes code.
execution
Prevalence in Visual Studio Code community
No behavior prevalence information at this timeRegisters a VS Code command which can later be executed.
execution
Prevalence in Visual Studio Code community
No behavior prevalence information at this timeMight create additional elements programmatically.
document
Prevalence in Visual Studio Code community
No behavior prevalence information at this timeTop vulnerabilities
No vulnerabilities found.