Code Lens shows reference counts above each export. Click to peek all usages. Exports with zero references stand out immediately.
Features
- Real-time diagnostics for dead-code issue types, updated via LSP without running a separate CLI process
- Code Lens with reference counts above each export (click to peek references)
- Hover information with export usage counts, unused status, and duplicate block locations
- Quick-fix code actions to remove unused exports or delete unused files
- Refactor actions to extract duplicates into shared functions
- Tree views in the sidebar with per-category icons, issue count badge, and welcome view
- Status bar with color-coded severity, rich tooltip breakdown, and command links
- Diagnostic documentation links: click any diagnostic code to open its docs page
- Related information: circular dependencies, duplicate exports, and code duplication diagnostics link to all related files
- Fix preview with a searchable Quick Pick for reviewing and navigating fixes
- JSON schema for
.fallowrc.jsonwith autocomplete and validation - Auto-download of the LSP binary
- Getting Started walkthrough on first install
Codebase intelligence surfaces
Beyond the real-time LSP diagnostics above, the extension surfaces the rest of fallow’s analysis, each as its own opt-in sidebar view or status-bar item:- Health view (sidebar): project health score and grade, top complexity findings, and hotspot / refactoring candidates, from a separate lazy run. Opt out with
fallow.health.enabled. - Security Candidates view (sidebar): local security candidates (
client-server-leak, the tainted-sink CWE catalogue), framed as unverified candidates to verify, never confirmed vulnerabilities. Opt in withfallow.security.enabled. - Runtime Coverage view (sidebar): hot paths and cleanup candidates (safe-to-delete / review-required) from a loaded coverage capture.
- Audit verdict (status bar): a pass / warn / fail signal for your current change set, mirroring
fallow audit. - License management: activate, view status, refresh, and deactivate a Fallow license without leaving the editor.
- Monorepo workspace scope (status bar): a picker to scope sidebar analysis (and the Health, Security, and Audit surfaces) to a single package, forwarding
--workspace.
Installation
Install the extension
Search for “fallow” in the VS Code extensions marketplace, or install from the command line:
Binary resolution
The extension finds binaries automatically. It checks the
fallow.lspPath setting first, then node_modules/.bin/ for a local devDependency (pnpm add -D fallow), then system PATH, or auto-downloads from GitHub releases.Getting Started walkthrough
On first install, a walkthrough opens automatically with four steps: Run Analysis, Explore Results, Fix Issues, and Configure Rules. Each step links directly to the relevant command. You can reopen it from the Command Palette at any time.
Status bar
The status bar shows the current issue count and duplication percentage. It updates in real time as the LSP server completes analysis via a customfallow/analysisComplete notification. No separate CLI process needed.
- Color-coded background: red when unresolved imports are present (errors), yellow when other issues exist (warnings), default when the project is clean
- Rich tooltip: hover to see a per-category breakdown of all issues (unused files, exports, dependencies, circular dependencies, clone groups, etc.)
- Command links in tooltip: Run Analysis, Auto-Fix, and Show Output are one click away
- Health score segment with the project grade (toggle with
fallow.health.statusBar) - Audit verdict for the current change set: pass / warn / fail, color-coded, with a gating-candidate count (toggle with
fallow.audit.statusBar.enabled) - License indicator showing the active license state (toggle with
fallow.license.showStatusBar) - Workspace scope picker showing the package analysis is scoped to in a monorepo (hidden on single-package projects)
Diagnostics
Every diagnostic includes a clickable diagnostic code (e.g.,unused-export, unresolved-import) that opens the corresponding documentation page at docs.fallow.tools.
Related information
Some diagnostics include related information that links to other files involved in the issue. Click a related location in the Problems panel to jump directly to it.- Circular dependencies: each file in the cycle chain is listed as a related location, so you can trace the full cycle
- Duplicate exports: links to the other files that export the same name
- Code duplication: links to all other instances of the duplicated block
Severity levels
| Issue type | Severity | Appearance |
|---|---|---|
| Unresolved imports | Error (red) | Red underline |
| Unused files, dependencies, circular deps, duplicate exports | Warning (yellow) | Yellow underline |
| Unused exports, types, enum/class members | Hint | Faded text (unnecessary tag) |
| Code duplication | Information (blue) | Blue underline |
| Security candidates (opt-in) | Information (blue) | Blue underline |
security-sink or security-client-server-leak rule to warn or error in your fallow config, framed as unverified candidates to verify (advisory, never a red error). The hover leads with the confidence signals and points to fallow security --file for the full trace; a quick-fix dismisses the candidate.
Tree views
The sidebar groups issues by type and duplicates by clone family. Each category uses a distinct icon for quick scanning:| Category | Icon |
|---|---|
| Unused files | File |
| Unused exports | Method |
| Unused types | Interface |
| Unused dependencies | Package |
| Unused enum members | Enum member |
| Unresolved imports | Error |
| Circular dependencies | Sync |
| Duplicate exports | Files |
Additional views
The sidebar also hosts three opt-in views beyond unused code and duplicates:| View | Shows |
|---|---|
| Health | Project health score and grade, top complexity findings, and hotspot / refactoring candidates |
| Security Candidates | Local security candidates (client-server-leak, tainted-sink CWE catalogue), framed as unverified candidates to verify |
| Runtime Coverage | Hot paths and cleanup candidates (safe-to-delete / review-required) from a loaded coverage capture |
Fix preview
Fallow: Preview Fixes (Dry Run) opens a searchable Quick Pick listing each available fix with its type and file location. Select an item to navigate to it in the editor, or choose Apply all fixes at the bottom to apply everything at once. After applying fixes, the extension automatically saves modified files, restarts the LSP server, and re-runs analysis so diagnostics update immediately.Config autocomplete
.fallowrc.json files get autocomplete and validation powered by the published JSON schema. The extension registers this automatically, no extra setup needed.
Commands
| Command | Description |
|---|---|
| Fallow: Run Analysis | Run full analysis |
| Fallow: Auto-Fix (unexport unused, remove unused deps) | Apply auto-fixes |
| Fallow: Preview Fixes (Dry Run) | Preview fixes in a searchable Quick Pick |
| Fallow: Restart Language Server | Restart the language server |
| Fallow: Show Output Channel | Open the LSP output channel |
| Fallow: Reload Health | Re-run the Health view analysis |
| Fallow: Scan for Security Candidates | Populate the Security Candidates view |
| Fallow: Select Workspace Scope… | Scope analysis to one monorepo package |
| Fallow: Clear Workspace Scope (Analyze All) | Remove the workspace scope |
| Fallow: Load Runtime Coverage | Point the Runtime Coverage view at a capture |
| Fallow: Reload Runtime Coverage | Re-read the current coverage capture |
| Fallow: Clear Runtime Coverage | Clear the loaded coverage |
| Fallow: Audit Changed Files | Compute the pass/warn/fail audit verdict for the current changes |
| Fallow: Activate License | Activate a license (paste a token, load a file, or start a trial) |
| Fallow: Show License Status | Show the current license state |
| Fallow: Refresh License | Refresh the license from the server |
| Fallow: Deactivate License | Deactivate the license on this machine |
Extension settings
Extension settings
| Setting | Default | Description |
|---|---|---|
fallow.lspPath | - | Path to fallow-lsp binary (highest priority, overrides local node_modules/.bin, PATH, and auto-download) |
fallow.autoDownload | true | Auto-download the LSP binary when not found locally or in PATH |
fallow.issueTypes | all | Which issue types to report |
fallow.duplication.threshold | 0 | Maximum allowed duplication percentage before the analysis is marked as failing (0 = no limit) |
fallow.duplication.minTokens | 50 | Minimum token count for a clone before it can be reported as duplicated code |
fallow.duplication.minLines | 5 | Minimum line count for a clone before it can be reported as duplicated code |
fallow.duplication.minOccurrences | 2 | Minimum occurrences before a clone group is reported (raise to 3+ to skip pair-only clones) |
fallow.duplication.mode | mild | Duplication detection mode |
fallow.duplication.skipLocal | false | Only report duplicate code that appears across different directories |
fallow.duplication.crossLanguage | false | Compare TypeScript and JavaScript files after stripping TypeScript type annotations |
fallow.duplication.ignoreImports | true | Exclude module wiring from duplicate-code detection. Enabled by default for ES imports, re-export declarations, and top-level static require() binding declarations; set to false to count module wiring as clone candidates again. |
fallow.production | "auto" | Production mode for the sidebar tree and the editor diagnostics (they stay in sync). "auto" defers to the project config, "on" forces production mode on, "off" forces it off even if the project config enables it. Editor-only; CLI and CI always report every finding. |
fallow.changedSince | "" | Git ref to scope diagnostics and the sidebar to files changed since that ref (mirrors --changed-since). Tag a baseline commit (e.g. fallow-baseline) and set this to the tag to enforce “no new issues going forward” while ignoring pre-existing findings. |
fallow.diagnostics.severity | "warning" | Render Fallow editor diagnostics as warning, information, or hint. hint keeps findings available without squiggles. Editor-only; CLI and CI output are unchanged. |
fallow.diagnostics.mutedCategories | [] | Team-shareable baseline of Fallow diagnostic category codes to hide in the editor, such as code-duplication or stale-suppression. Commit in .vscode/settings.json; local mutes can still hide more or show a baseline-hidden category. Editor-only; CLI and CI output are unchanged. |
fallow.workspace | "" | Scope sidebar analysis (and the Health, Security, and Audit surfaces) to a single monorepo package by name. Empty = analyze the whole project. Forwarded as --workspace. |
fallow.health.enabled | true | Show the Health view (score and grade, complexity findings, hotspot and refactoring candidates) |
fallow.health.hotspots | true | Include git churn hotspots in the Health view (walks git history; disable to skip that cost) |
fallow.health.topFindings | 20 | Maximum number of complexity findings shown in the Health view |
fallow.health.statusBar | true | Show the project health score and grade in the status bar |
fallow.health.inlineComplexity | true | Show a compact complexity lens (N cyc, N cog) above functions that exceed Fallow Health thresholds. Click the lens to expand or collapse that function’s per-line +N breakdown |
fallow.complexity.breakdownEnabled | true | Master switch for the complexity breakdown (lens, per-line markers, and hovers) shown in the editor after the Health view runs |
fallow.complexity.afterText | false | Always show the dim per-line +N token for every complex function, instead of only the function you expand (via its lens) or select in the Health view. Hovering always shows the breakdown regardless |
fallow.complexity.decorationCap | 200 | Number of top complexity findings fetched for editor decorations, independent of fallow.health.topFindings |
fallow.security.enabled | false | Surface local security candidates (client-server-leak, tainted-sink CWE catalogue) in the Security Candidates view. Unverified candidates to verify, not confirmed vulnerabilities. |
fallow.audit.gate | new-only | Which findings affect the audit verdict shown in the editor (mirrors fallow audit --gate) |
fallow.audit.statusBar.enabled | true | Show the audit verdict (pass/warn/fail) for the current change set in the status bar |
fallow.audit.runOnSave | false | Re-run the audit verdict when a JS/TS file is saved (off by default) |
fallow.coverage.capturePath | "" | Path to a local runtime-coverage capture (file or directory) for the Runtime Coverage view |
fallow.coverage.top | 0 | Show only the top N hot paths and findings in the Runtime Coverage view (0 = all) |
fallow.license.showStatusBar | true | Show a Fallow license indicator in the status bar |
fallow.license.refreshOnStartup | false | Probe license status once when the extension activates (off by default; no network on startup) |
fallow.trace.server | off | LSP trace level for debugging |
Adopting fallow on a legacy codebase
Usefallow.changedSince to keep existing issues hidden while flagging new ones in the Problems panel:
.vscode/settings.json:
.vscode/settings.json so the whole team sees the same scope. Pair the same tag with fallow dead-code --changed-since fallow-baseline in CI to enforce the same contract on PRs.
Shallow clone footgun.
actions/checkout@v4 defaults to fetch-depth: 1 and GitLab CI defaults to GIT_DEPTH: 50. If your baseline tag predates that fetch boundary, --changed-since and fallow.changedSince silently fall back to full scope (the LSP logs a warning to the Fallow output channel). Set fetch-depth: 0 on actions/checkout (or GIT_DEPTH: 0 in GitLab CI) when you use a long-lived baseline tag.Part of the three tracks
VS Code is one of three ways to use fallow:- Agents run
fallowfrom CLI or call MCP tools to verify their own output - You in VS Code see real-time diagnostics, review agent output, and spot issues as you code
- CI catches the rest, so nothing lands in main without passing fallow
See also
Agent integration
How AI agents use fallow via CLI and MCP.
CI integration
Add fallow to your CI pipeline.
Analysis areas
All issue types shown in real time by the extension.