VS Code or Cursor Broken for Elixir and possible fixes
You tried using VS Code for Elixir development. You tried out the ElixirLS extension for code insight and code completion. However, the ElixirLS extension kept crashing and never worked for you.
VS Code error display when ElixirLS crashes
This post can help you diagnose the issue and fix it. Let’s get you back on the productive path with your Elixir development.
What’s wrong?
VS Code has an “Output” panel that gives additional insight to what different extensions are doing.
From the VS Code menu, View > Output.
On the Output panel is a dropdown, select “ElixirLS”.
This displays what’s going on with ElixirLS. Any problems will be displayed here. When you open this panel, the output will be scrolled to the bottom. To see issues with ElixirLS starting up, scroll to the top.
The next sections are some of the common problems people may encounter.
It spikes my CPU and my fans go crazy
The explanation is that ElixirLS runs dialyzer in the background on first run. Dialyzer is a library that creates a PLT (Persistent Lookup Table). The PLT is used to give code completion for the version of Elixir you have installed and for your project. Additionally, it displays the dialyzer warnings in the IDE on the line with the problem.
So yes, on first run it uses Dialyzer to build the PLT. Depending on your machine and project, this can take ~15 minutes. If you let it complete, it won’t keep doing it.
Additionally, be aware that when you change your version or Elixir or Erlang it will need to rebuild the full PLT. So you will encounter this process again.
Elixir command not found
Does your output look something like this?
/Users/dood/.vscode/extensions/jakebecker.elixir-ls-0.2.25/elixir-ls-release/language_server.sh: line 18: elixir: command not found
[Info - 1:13:04 PM] Connection to server got closed. Server will restart.
/Users/dood/.vscode/extensions/jakebecker.elixir-ls-0.2.25/elixir-ls-release/language_server.sh: line 18: elixir: command not found
[Info - 1:13:04 PM] Connection to server got closed. Server will restart.
/Users/dood/.vscode/extensions/jakebecker.elixir-ls-0.2.25/elixir-ls-release/language_server.sh: line 18: elixir: command not found
[Info - 1:13:04 PM] Connection to server got closed. Server will restart.
/Users/dood/.vscode/extensions/jakebecker.elixir-ls-0.2.25/elixir-ls-release/language_server.sh: line 18: elixir: command not found
[Info - 1:13:04 PM] Connection to server got closed. Server will restart.
/Users/dood/.vscode/extensions/jakebecker.elixir-ls-0.2.25/elixir-ls-release/language_server.sh: line 18: elixir: command not found
[Error - 1:13:04 PM] Connection to server got closed. Server will not be restarted.
The key here is elixir: command not found. Asdf (or however you have have Elixir installed) isn’t setup correctly. ElixirLS can’t find the elixir command. For MacOS and Linux users, make sure you follow the asdf installation process.
If using asdf, you may need to “reshim” the elixir command.
asdf reshim elixir <your-version>
Use the asdf command by itself for a list of other commands available.
Erlang not installed
Did you use asdf to install Elixir? Did you know you also need to install Erlang? VS Code’s ElixirLS output shows this problem when you have Elixir installed with no Erlang.
asdf: No version set for command erl
you might want to add one of the following in your .tool-versions file:
erlang 21.0.7
erlang 21.1.3
erlang 22.0.7
erlang 19.3.6.9
erlang 22.1.7
[Info - 6:08:00 AM] Connection to server got closed. Server will restart.
The solution is to install Erlang using asdf too. Make sure you install a compatible version!
When you look at VS Code’s Explorer pane for what is open, is it at the root of a single Elixir project? If not, this will be a problem. ElixirLS expects the project’s mix.exs file to be found at the root of the directory you opened.
VS Code, as a text editor, can open anywhere on your file system. It can open your user Documents directory, your Pictures directory, or anywhere else. It is able to edit any text files it finds there. While this is valid for VS Code and editing files as text, it is not valid for ElixirLS and understanding an Elixir project.
ElixirLS can only edit a single Elixir project at a time. It can only deal with one mix.exs file at a time. This means opening a directory that doesn’t have a mix.exs file but has child directories with Elixir projects does not work.
Elixir umbrella projects
What about Umbrella projects? An Elixir umbrella project works fine! For the best experience, open the umbrella’s root directory. That is where the primary mix.exs file is found for the whole umbrella project.
How did you launch VS Code?
How did you launch the VS Code editor? If asdf is correctly configured in a terminal and you are only opening the Elixir project directory but it still doesn’t work in VS Code, there may be a problem with your user environment. This issue identified the problem.
If asdf is only configured in your .bashrc file then it is available when a terminal window is opened but not used when an application launcher is starting an application. Ensure it is configured in your .profile file as that is used when logging into your account.
Test launching VS Code from a terminal in the directory of your Elixir project using this command:
code .
This opens the current directory in VS Code. This helps isolate environment issues. If it works when launching VS Code from the terminal, consider always doing it that way or look into fixing your environment setup.
ElixirLS stopped working
Everything was working great until one day it stopped working. Code completion is broken and when you look at the ElixirLS output, it complains about something that doesn’t make much sense.
What happened?
A number of things may have happened. A likely one is you added a new dependency or upgraded an existing one.
Have you ever upgraded a project dependency? At some point you will. After updating, sometimes your app gives strange compilation errors. The fix is to run mix clean. This clears out the compilation artifacts in your project’s _build directory. This forces a clean recompile for the project and everything works smoothly again! … Except VS Code and ElixirLS is broken. Running mix clean doesn’t clean out the behind-the-scenes ElixirLS build artifacts it uses to give code completion and insight.
How do I fix it?
Inside the .elixirls/ directory is a build directory. This is just like your project’s_build directory. Delete .elixirls/build/ and restart VS Code and it should be working again! If you watch the ElixirLS output, you’ll see it recompile your project. So wait for that to finish before deciding if ElixirLS works again.
Note: You can delete the entire .elixirls/ directory. Doing this also deletes the built dialyzer PLT files. When those are deleted ElixirLS rebuilds them… and that can take ~20 minutes and your fans kick in. As a short-cut to productivity, try only deleting the .elixirls/build/ directory.
Cleaning up after a change
Assuming you changed something with your installed versions, then it is best to clean your project’s build artifacts. Otherwise you’re likely to get strange compilation errors. This is a good idea to do whenever you change your active Elixir or Erlang versions. This can also happen when a project dependency changes.
Use the following command.
mix do clean, compile
Also note that the ElixirLS extension creates build artifacts inside the .elixirls/ directory in your project. This contains compiled code for your project that ElixirLS uses to give code insight. To avoid potential issues, also delete that directory to get a clean start.
Closing
Hopefully this helped you resolve roadblocks on your way to a productive Elixir development experience. Let me know if you encountered other issues that can be documented here as well.
By default Pow has a lax requirement of minimum 8 characters based on NIST SP800-63b, but there are many more types of validations you can use to ensure users don’t rely on weak passwords.
An important aspect to password requirements is that it should be user friendly. Requirements to mix alphanumeric with symbols and upper- and lowercase characters haven’t proven effective. In the following we’ll go through some effective methods to ensure users uses strong passwords.
For the sake of brevity, we’ll use ExPwned in the following example, but you can use any client or your own custom module to communicate with the API.
First, we’ll add ExPwned to the mix.exs file:
def deps do
[
...
{:ex_pwned, "~> 0.1.0"}
]
end
Run mix deps.get to install it.
Now let’s add the password validation rule to our user schema module:
defmodule MyApp.Users.User do
use Ecto.Schema
use Pow.Ecto.Schema
# ...
def changeset(user_or_changeset, attrs) do
user_or_changeset
|> pow_changeset(attrs)
|> validate_password_breach()
end
defp validate_password_breach(changeset) do
Ecto.Changeset.validate_change(changeset, :password, fn :password, password ->case password_breached?(password) do
true -> [password: "has appeared in a previous breach"]
false -> []
endend)
end
We’ll only do a lookup if the password has been changed, and we don’t do any lookups in test environment.
Context-specific words, such as the name of the service, the username, and derivatives thereof
We want to prevent context specific words to be used as passwords.
The context might be public user details. If the users email is john.doe@example.com then the password can’t be john.doe@example.com or johndoeexamplecom. The same rule applies for any user id we may use, such as username. If the username is john.doe then john.doe00 or johndoe001 can’t be used.
Our app may also be part of a website/service/platform and have an identity. As an example, if the service is called My Demo App then we don’t want to permit passwords like my demo app, my_demo_app or mydemoapp.
We’ll add the password validation rule to our user schema module:
defmodule MyApp.Users.User do
use Ecto.Schema
use Pow.Ecto.Schema
# ...
def changeset(user_or_changeset, attrs) do
user_or_changeset
|> pow_changeset(attrs)
|> validate_password_no_context()
end
@app_name "My Demo App"
defp validate_password_no_context(changeset) do
Ecto.Changeset.validate_change(changeset, :password, fn :password, password ->
[
@app_name,
String.downcase(@app_name),
Ecto.Changeset.get_field(changeset, :email),
Ecto.Changeset.get_field(changeset, :username)
]
|> Enum.reject(&is_nil/1)
|> similar_to_context?(password)
|>casedo
true -> [password: "is too similar to username, email or #{@app_name}"]
false -> []
endend)
end
def similar_to_context?(contexts, password) do
Enum.any?(contexts, &String.jaro_distance(&1, password) > 0.85)
endend
We’re using the String.jaro_distance/2 to make sure that the password has a Jaro–Winkler similarity to the context of at most 0.85.
Repetitive or sequential characters
We want to prevent repetitive or sequential characters in passwords such as aaa, 1234 or abcd.
The rule we’ll use is that there may be no more than two repeating or three sequential characters in the password. We’ll add the validation rule to our user schema module:
defmodule MyApp.Users.User do
use Ecto.Schema
use Pow.Ecto.Schema
# ...
def changeset(user_or_changeset, attrs) do
user_or_changeset
|> pow_changeset(attrs)
|> validate_password()
end
defp validate_password(changeset) do
changeset
|> validate_no_repetitive_characters()
|> validate_no_sequential_characters()
end
defp validate_no_repetitive_characters(changeset) do
Ecto.Changeset.validate_change(changeset, :password, fn :password, password ->case repetitive_characters?(password) do
true -> [password: "has repetitive characters"]
false -> []
endend)
end
defp repetitive_characters?(password) when is_binary(password) do
password
|> String.to_charlist()
|> repetitive_characters?()
enddefp repetitive_characters?([c, c, c | _rest]), do: true
defp repetitive_characters?([_c | rest]), do: repetitive_characters?(rest)
defp repetitive_characters?([]), do: false
defp validate_no_sequential_characters(changeset) do
Ecto.Changeset.validate_change(changeset, :password, fn :password, password ->case sequential_characters?(password) do
true -> [password: "has sequential characters"]
false -> []
endend)
end
As you can see, you’ll be able to modify @sequences and add what is appropriate for your app. It may be that you want to support another alphabet or keyboard layout sequences like qwerty.
Dictionary words
A dictionary lookup is very easy to create. This is just a very simple example that you can add to your user schema module:
defmodule MyApp.Users.User do
use Ecto.Schema
use Pow.Ecto.Schema
# ...
def changeset(user_or_changeset, attrs) do
user_or_changeset
|> pow_changeset(attrs)
|> validate_password_dictionary()
end
defp validate_password_dictionary(changeset) do
Ecto.Changeset.validate_change(changeset, :password, fn :password, password ->
password
|> String.downcase()
|> password_in_dictionary?()
|>casedo
true -> [password: "is too common"]
false -> []
endend)
end
defp password_in_dictionary?(_password), do: false
end
In the above priv/dictionary.txt will be processed on compile time. The plain text file contains words separated by newline.
Require users to change weak password upon sign in
You may want to ensure that users update their password if they have been breached or are too weak. You can do this be requiring users to reset their password upon sign in.
This can be dealt with in a plug, or custom controller. A plug method could look like this:
def check_password(conn, _opts) do
changeset = MyApp.Users.User.changeset(%MyApp.Users.User{}, conn.params["user"])
case changeset.errors[:password] do
nil ->
conn
error <strong>-></strong>
msg <strong>=</strong> MyAppWeb<strong>.</strong>ErrorHelpers<strong>.</strong>translate_error(error)
conn
<strong>|></strong> put_flash(:error, "You have to reset your password because it #{msg}")
<strong>|></strong> redirect(to: Routes<strong>.</strong>pow_reset_password_reset_password_path(conn, :new))
<strong>|></strong> Plug<strong>.</strong>Conn<strong>.</strong>halt()
endend
The user will be redirected to the reset password page, and the connection halted so authentication won’t happen. A caveat to this is that the user may not have entered valid credentials, since this runs before any authentication.
Conclusion
As you can see it is easy to customize and extend the password validation rules of Pow.
The landscape of web security is constantly changing, so it’s important that password requirements are neither so restricting that it affects user experience or too lax that it affects security. The above will work for most cases in the current landscape, but you should also consider supporting 2FA authentication, or alternative authentication schemes such as WebAuthn or OAuth.
It depends on your requirements and risk tolerance. It’s recommended to take your time to assess what is appropriate for your app.
Unit tests
Here is a unit test module that contains tests for two of of the above rulesets:
defmodule MyApp.Users.UserTest do
use MyApp.DataCase
alias MyApp.Users.User
test "changeset/2 validates context-specific words" do
for invalid <- ["my demo app", "mydemo_app", "mydemoapp1"] do
changeset = User.changeset(%User{}, %{"username" => "john.doe", "password" => invalid})
assert changeset.errors[:password] == {"is too similar to username, email or My Demo App", []}
end
<em># The below is for email user id</em>
changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"email" <strong>=></strong> "john.doe@example.com", "password" <strong>=></strong> "password12"})
refute changeset<strong>.</strong>errors[:password]
for invalid <strong><-</strong> ["john.doe@example.com", "johndoeexamplecom"] <strong>do</strong>
changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"email" <strong>=></strong> "john.doe@example.com", "password" <strong>=></strong> invalid})
assert changeset<strong>.</strong>errors[:password] <strong>==</strong> {"is too similar to username, email or My Demo App", []}
<strong>end</strong>
<em># The below is for username user id</em>
changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"username" <strong>=></strong> "john.doe", "password" <strong>=></strong> "password12"})
refute changeset<strong>.</strong>errors[:password]
for invalid <strong><-</strong> ["john.doe00", "johndoe", "johndoe1"] <strong>do</strong>
changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"username" <strong>=></strong> "john.doe", "password" <strong>=></strong> invalid})
assert changeset<strong>.</strong>errors[:password] <strong>==</strong> {"is too similar to username, email or My Demo App", []}
<strong>end</strong>
end
test "changeset/2 validates repetitive and sequential password" do
changeset = User.changeset(%User{}, %{"password" => "secret1222"})
assert changeset.errors[:password] == {"has repetitive characters", []}
