Latest Threat ResearchGlassWorm Loader Hits Open VSX via Developer Account Compromise.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

github.com/sourcegraph/scip

Package Overview
Dependencies
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/sourcegraph/scip

Source
Go Modules
Version
v0.6.1
Version published
Created
Source

SCIP Code Intelligence Protocol

SCIP (pronunciation: "skip") is a language-agnostic protocol for indexing source code, which can be used to power code navigation functionality such as Go to definition, Find references, and Find implementations.

This repository includes:

If you're interested in better understanding the motivation behind SCIP, check out the announcement blog post and the design doc.

If you're interested in writing a new indexer that emits SCIP, check out our documentation on how to write an indexer. Also, check out the Debugging section in the Development docs.

If you're interested in consuming SCIP data, you can either use one of the provided language bindings, or generate code for the SCIP Protobuf schema using the Protobuf toolchain for your language ecosystem. Also, check out the Debugging section in the Development docs.

Tools using SCIP

Several indexers currently emit SCIP data:

For more details about indexers, including LSIF-based indexers, see the Sourcegraph documentation.

Other tools which use SCIP include the Sourcegraph CLI, and the SCIP CLI in this repo.

Installing the scip CLI

You can find binaries for the scip CLI tool here. You can also compile a binary locally using:

git clone https://github.com/sourcegraph/scip.git --depth=1
cd scip
go build ./cmd/scip

You can consult the CLI reference or --help for usage information.

Contributing

We welcome questions, suggestions as well as code and docs contributions.

For submitting contributions, check out Development.md to better understand project structure and common workflows.

Contributors should abide by the Sourcegraph Code of Conduct.

FAQs

Package last updated on 27 Oct 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Open VSX Begins Implementing Pre-Publish Security Checks After Repeated Supply Chain Incidents

Security News

Open VSX Begins Implementing Pre-Publish Security Checks After Repeated Supply Chain Incidents

Following multiple malicious extension incidents, Open VSX outlines new safeguards designed to catch risky uploads earlier.

By Sarah Gooding  -  Feb 02, 2026
GlassWorm Loader Hits Open VSX via Developer Account Compromise

Research

/

Security News

GlassWorm Loader Hits Open VSX via Developer Account Compromise

Threat actors compromised four oorzc Open VSX extensions with more than 22,000 downloads, pushing malicious versions that install a staged loader, evade Russian-locale systems, pull C2 from Solana memos, and steal macOS credentials and wallets.

By Kirill Boychenko  -  Jan 31, 2026