> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fallow.tools/llms.txt
> Use this file to discover all available pages before exploring further.
# VS Code extension
> Real-time codebase analysis in your editor: unused code, duplication, complexity hotspots, and boundary violations. Inline warnings, Code Lens reference counts, and one-click fixes.
The VS Code extension provides real-time diagnostics for unused code, duplication, complexity, and boundary violations, powered by the fallow LSP server, plus sidebar views and status-bar surfaces for project health, security candidates, runtime coverage, the changed-files audit verdict, monorepo workspace scoping, and license management.
Code Lens shows reference counts above each export. Click to peek all usages. Exports with zero references stand out immediately.
## Features
* **Real-time diagnostics** for dead-code issue types, updated via LSP without running a separate CLI process
* **Code Lens** with reference counts above each export (click to peek references)
* **Hover information** with export usage counts, unused status, and duplicate block locations
* **Quick-fix code actions** to remove unused exports or delete unused files
* **Refactor actions** to extract duplicates into shared functions
* **Tree views** in the sidebar with per-category icons, issue count badge, and welcome view
* **Status bar** with color-coded severity, rich tooltip breakdown, and command links
* **Diagnostic documentation links**: click any diagnostic code to open its docs page
* **Related information**: circular dependencies, duplicate exports, and code duplication diagnostics link to all related files
* **Fix preview** with a searchable Quick Pick for reviewing and navigating fixes
* **JSON schema** for `.fallowrc.json` with autocomplete and validation
* **Auto-download** of the LSP binary
* **Getting Started walkthrough** on first install
### Codebase intelligence surfaces
Beyond the real-time LSP diagnostics above, the extension surfaces the rest of fallow's analysis, each as its own opt-in sidebar view or status-bar item:
* **Health view** (sidebar): project health score and grade, top complexity findings, and hotspot / refactoring candidates, from a separate lazy run. Opt out with `fallow.health.enabled`.
* **Security Candidates view** (sidebar): local security candidates (`client-server-leak`, the tainted-sink CWE catalogue), framed as **unverified candidates to verify**, never confirmed vulnerabilities. Opt in with `fallow.security.enabled`.
* **Runtime Coverage view** (sidebar): hot paths and cleanup candidates (safe-to-delete / review-required) from a loaded coverage capture.
* **Audit verdict** (status bar): a pass / warn / fail signal for your current change set, mirroring `fallow audit`.
* **License management**: activate, view status, refresh, and deactivate a Fallow license without leaving the editor.
* **Monorepo workspace scope** (status bar): a picker to scope sidebar analysis (and the Health, Security, and Audit surfaces) to a single package, forwarding `--workspace`.
## Installation
Search for "fallow" in the VS Code extensions marketplace, or install from the command line:
```bash theme={null}
code --install-extension fallow-rs.fallow-vscode
```
The extension finds binaries automatically. It checks the `fallow.lspPath` setting first, then `node_modules/.bin/` for a local devDependency (`pnpm add -D fallow`), then system PATH, or auto-downloads from GitHub releases.
On first install, a walkthrough opens automatically with four steps: **Run Analysis**, **Explore Results**, **Fix Issues**, and **Configure Rules**. Each step links directly to the relevant command. You can reopen it from the Command Palette at any time.
Open any TypeScript or JavaScript project. Fallow activates automatically and starts analyzing. Diagnostics appear inline, and Code Lens annotations show above exports.
## Status bar
The status bar shows the current issue count and duplication percentage. It updates in real time as the LSP server completes analysis via a custom `fallow/analysisComplete` notification. No separate CLI process needed.
* **Color-coded background**: red when unresolved imports are present (errors), yellow when other issues exist (warnings), default when the project is clean
* **Rich tooltip**: hover to see a per-category breakdown of all issues (unused files, exports, dependencies, circular dependencies, clone groups, etc.)
* **Command links in tooltip**: Run Analysis, Auto-Fix, and Show Output are one click away
Additional status-bar items, each independently toggleable:
* **Health score** segment with the project grade (toggle with `fallow.health.statusBar`)
* **Audit verdict** for the current change set: pass / warn / fail, color-coded, with a gating-candidate count (toggle with `fallow.audit.statusBar.enabled`)
* **License indicator** showing the active license state (toggle with `fallow.license.showStatusBar`)
* **Workspace scope** picker showing the package analysis is scoped to in a monorepo (hidden on single-package projects)
## Diagnostics
Every diagnostic includes a clickable **diagnostic code** (e.g., `unused-export`, `unresolved-import`) that opens the corresponding documentation page at [docs.fallow.tools](https://docs.fallow.tools).
### Related information
Some diagnostics include related information that links to other files involved in the issue. Click a related location in the Problems panel to jump directly to it.
* **Circular dependencies**: each file in the cycle chain is listed as a related location, so you can trace the full cycle
* **Duplicate exports**: links to the other files that export the same name
* **Code duplication**: links to all other instances of the duplicated block
### Severity levels
| Issue type | Severity | Appearance |
| :----------------------------------------------------------- | :----------------- | :--------------------------- |
| Unresolved imports | Error (red) | Red underline |
| Unused files, dependencies, circular deps, duplicate exports | Warning (yellow) | Yellow underline |
| Unused exports, types, enum/class members | Hint | Faded text (unnecessary tag) |
| Code duplication | Information (blue) | Blue underline |
| Security candidates (opt-in) | Information (blue) | Blue underline |
Security candidate diagnostics are **off by default** and distinct from the **Security Candidates** sidebar view. They appear in the editor gutter only when you raise the `security-sink` or `security-client-server-leak` rule to `warn` or `error` in your fallow config, framed as unverified candidates to verify (advisory, never a red error). The hover leads with the confidence signals and points to `fallow security --file` for the full trace; a quick-fix dismisses the candidate.
## Tree views
The sidebar groups issues by type and duplicates by clone family. Each category uses a distinct icon for quick scanning:
| Category | Icon |
| :-------------------- | :---------- |
| Unused files | File |
| Unused exports | Method |
| Unused types | Interface |
| Unused dependencies | Package |
| Unused enum members | Enum member |
| Unresolved imports | Error |
| Circular dependencies | Sync |
| Duplicate exports | Files |
A **badge** on the sidebar icon shows the total issue count at a glance. When no analysis has been run yet, a **welcome view** appears with a "Run Analysis" button.
Clicking any item in the tree opens the file at the exact line and column.
### Additional views
The sidebar also hosts three opt-in views beyond unused code and duplicates:
| View | Shows |
| :---------------------- | :---------------------------------------------------------------------------------------------------------------------- |
| **Health** | Project health score and grade, top complexity findings, and hotspot / refactoring candidates |
| **Security Candidates** | Local security candidates (`client-server-leak`, tainted-sink CWE catalogue), framed as unverified candidates to verify |
| **Runtime Coverage** | Hot paths and cleanup candidates (safe-to-delete / review-required) from a loaded coverage capture |
## Fix preview
**Fallow: Preview Fixes (Dry Run)** opens a searchable Quick Pick listing each available fix with its type and file location. Select an item to navigate to it in the editor, or choose **Apply all fixes** at the bottom to apply everything at once.
After applying fixes, the extension automatically saves modified files, restarts the LSP server, and re-runs analysis so diagnostics update immediately.
## Config autocomplete
`.fallowrc.json` files get autocomplete and validation powered by the published [JSON schema](https://raw.githubusercontent.com/fallow-rs/fallow/main/schema.json). The extension registers this automatically, no extra setup needed.
## Commands
| Command | Description |
| :--------------------------------------------------------- | :---------------------------------------------------------------- |
| **Fallow: Run Analysis** | Run full analysis |
| **Fallow: Auto-Fix (unexport unused, remove unused deps)** | Apply auto-fixes |
| **Fallow: Preview Fixes (Dry Run)** | Preview fixes in a searchable Quick Pick |
| **Fallow: Restart Language Server** | Restart the language server |
| **Fallow: Show Output Channel** | Open the LSP output channel |
| **Fallow: Reload Health** | Re-run the Health view analysis |
| **Fallow: Scan for Security Candidates** | Populate the Security Candidates view |
| **Fallow: Select Workspace Scope...** | Scope analysis to one monorepo package |
| **Fallow: Clear Workspace Scope (Analyze All)** | Remove the workspace scope |
| **Fallow: Load Runtime Coverage** | Point the Runtime Coverage view at a capture |
| **Fallow: Reload Runtime Coverage** | Re-read the current coverage capture |
| **Fallow: Clear Runtime Coverage** | Clear the loaded coverage |
| **Fallow: Audit Changed Files** | Compute the pass/warn/fail audit verdict for the current changes |
| **Fallow: Activate License** | Activate a license (paste a token, load a file, or start a trial) |
| **Fallow: Show License Status** | Show the current license state |
| **Fallow: Refresh License** | Refresh the license from the server |
| **Fallow: Deactivate License** | Deactivate the license on this machine |
| Setting | Default | Description |
| :----------------------------------- | :---------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `fallow.lspPath` | - | Path to `fallow-lsp` binary (highest priority, overrides local `node_modules/.bin`, PATH, and auto-download) |
| `fallow.autoDownload` | `true` | Auto-download the LSP binary when not found locally or in PATH |
| `fallow.issueTypes` | all | Which issue types to report |
| `fallow.duplication.threshold` | `0` | Maximum allowed duplication percentage before the analysis is marked as failing (`0` = no limit) |
| `fallow.duplication.minTokens` | `50` | Minimum token count for a clone before it can be reported as duplicated code |
| `fallow.duplication.minLines` | `5` | Minimum line count for a clone before it can be reported as duplicated code |
| `fallow.duplication.minOccurrences` | `2` | Minimum occurrences before a clone group is reported (raise to `3`+ to skip pair-only clones) |
| `fallow.duplication.mode` | `mild` | Duplication detection mode |
| `fallow.duplication.skipLocal` | `false` | Only report duplicate code that appears across different directories |
| `fallow.duplication.crossLanguage` | `false` | Compare TypeScript and JavaScript files after stripping TypeScript type annotations |
| `fallow.duplication.ignoreImports` | `true` | Exclude module wiring from duplicate-code detection. Enabled by default for ES imports, re-export declarations, and top-level static `require()` binding declarations; set to `false` to count module wiring as clone candidates again. |
| `fallow.production` | `"auto"` | Production mode for the sidebar tree and the editor diagnostics (they stay in sync). `"auto"` defers to the project config, `"on"` forces production mode on, `"off"` forces it off even if the project config enables it. Editor-only; CLI and CI always report every finding. |
| `fallow.changedSince` | `""` | Git ref to scope diagnostics and the sidebar to files changed since that ref (mirrors `--changed-since`). Tag a baseline commit (e.g. `fallow-baseline`) and set this to the tag to enforce "no new issues going forward" while ignoring pre-existing findings. |
| `fallow.diagnostics.severity` | `"warning"` | Render Fallow editor diagnostics as `warning`, `information`, or `hint`. `hint` keeps findings available without squiggles. Editor-only; CLI and CI output are unchanged. |
| `fallow.diagnostics.mutedCategories` | `[]` | Team-shareable baseline of Fallow diagnostic category codes to hide in the editor, such as `code-duplication` or `stale-suppression`. Commit in `.vscode/settings.json`; local mutes can still hide more or show a baseline-hidden category. Editor-only; CLI and CI output are unchanged. |
| `fallow.workspace` | `""` | Scope sidebar analysis (and the Health, Security, and Audit surfaces) to a single monorepo package by name. Empty = analyze the whole project. Forwarded as `--workspace`. |
| `fallow.health.enabled` | `true` | Show the Health view (score and grade, complexity findings, hotspot and refactoring candidates) |
| `fallow.health.hotspots` | `true` | Include git churn hotspots in the Health view (walks git history; disable to skip that cost) |
| `fallow.health.topFindings` | `20` | Maximum number of complexity findings shown in the Health view |
| `fallow.health.statusBar` | `true` | Show the project health score and grade in the status bar |
| `fallow.health.inlineComplexity` | `true` | Show a compact complexity lens (`N cyc, N cog`) above functions that exceed Fallow Health thresholds. Click the lens to expand or collapse that function's per-line `+N` breakdown |
| `fallow.complexity.breakdownEnabled` | `true` | Master switch for the complexity breakdown (lens, per-line markers, and hovers) shown in the editor after the Health view runs |
| `fallow.complexity.afterText` | `false` | Always show the dim per-line `+N` token for every complex function, instead of only the function you expand (via its lens) or select in the Health view. Hovering always shows the breakdown regardless |
| `fallow.complexity.decorationCap` | `200` | Number of top complexity findings fetched for editor decorations, independent of `fallow.health.topFindings` |
| `fallow.security.enabled` | `false` | Surface local **security candidates** (`client-server-leak`, tainted-sink CWE catalogue) in the Security Candidates view. Unverified candidates to verify, not confirmed vulnerabilities. |
| `fallow.audit.gate` | `new-only` | Which findings affect the audit verdict shown in the editor (mirrors `fallow audit --gate`) |
| `fallow.audit.statusBar.enabled` | `true` | Show the audit verdict (pass/warn/fail) for the current change set in the status bar |
| `fallow.audit.runOnSave` | `false` | Re-run the audit verdict when a JS/TS file is saved (off by default) |
| `fallow.coverage.capturePath` | `""` | Path to a local runtime-coverage capture (file or directory) for the Runtime Coverage view |
| `fallow.coverage.top` | `0` | Show only the top N hot paths and findings in the Runtime Coverage view (`0` = all) |
| `fallow.license.showStatusBar` | `true` | Show a Fallow license indicator in the status bar |
| `fallow.license.refreshOnStartup` | `false` | Probe license status once when the extension activates (off by default; no network on startup) |
| `fallow.trace.server` | `off` | LSP trace level for debugging |
### Adopting fallow on a legacy codebase
Use `fallow.changedSince` to keep existing issues hidden while flagging new ones in the Problems panel:
```bash theme={null}
git tag fallow-baseline
git push --tags
```
In `.vscode/settings.json`:
```json theme={null}
{
"fallow.changedSince": "fallow-baseline"
}
```
Commit `.vscode/settings.json` so the whole team sees the same scope. Pair the same tag with `fallow dead-code --changed-since fallow-baseline` in CI to enforce the same contract on PRs.
**Shallow clone footgun.** `actions/checkout@v4` defaults to `fetch-depth: 1` and GitLab CI defaults to `GIT_DEPTH: 50`. If your baseline tag predates that fetch boundary, `--changed-since` and `fallow.changedSince` silently fall back to full scope (the LSP logs a warning to the Fallow output channel). Set `fetch-depth: 0` on `actions/checkout` (or `GIT_DEPTH: 0` in GitLab CI) when you use a long-lived baseline tag.
## Part of the three tracks
VS Code is one of three ways to use fallow:
1. **Agents** run `fallow` from CLI or call MCP tools to verify their own output
2. **You in VS Code** see real-time diagnostics, review agent output, and spot issues as you code
3. **CI** catches the rest, so nothing lands in main without passing fallow
The same analysis engine and the same config power all three, so results are identical across CLI, VS Code, and CI.
## See also
How AI agents use fallow via CLI and MCP.
Add fallow to your CI pipeline.
All issue types shown in real time by the extension.