Prevent accidental home-directory opens in VS Code and review risky repository trust surfaces before trusting a repository.
Privacy-first and offline-first by default: installing and using the extension does not send telemetry, phone home, or require remote access. Only the optional --resolve-external-workflows scan mode fetches external workflow files.
- Install Workspace Guard in VS Code.
- Leave the default
Redirectmode on, or change it from theWG:status bar control. - Open the
Workspace Guard Reviewsection in Explorer for a lightweight repository review tree inside VS Code, then click any finding for remediation guidance. - Use the filter and export actions in that view if you want to focus on one severity or share the review as JSON or Markdown.
- Run
Workspace Guard: Review Repository Trust Surfacesfrom the Command Palette if you want the same review in the output panel. - If you want to inspect a repository from the terminal, run
workspace-guard-scanin that repository.
npx homeguard-code ~
npx workspace-guard-scan .Use homeguard-code if you want the code command to check risky paths before opening VS Code. Use workspace-guard-scan if you want a quick safety review of a repository's .github, .vscode, multi-root .code-workspace, .devcontainer, extension recommendation, AI/MCP, and LaTeX trust surfaces before you trust it.
If you want the scanner to inspect external reusable workflows as well, add --resolve-external-workflows. That mode is opt-in because it fetches the referenced workflow files.
Project docs: External interface · Contributing · Support · Security · OpenSSF readiness
Disclaimer: Workspace Guard reduces common VS Code workspace and repository-trust mistakes, but it is not a sandbox, malware scanner, or guarantee against all unsafe repositories, extensions, or user actions.
© 2026 ToppyMicroServices OÜ — Registry code 16551297 — Tallinn, Estonia.