[BUG] VS Code extension injects node_modules into system context, ignoring .claudeignore and files.exclude
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When Claude Code is started from a workspace root containing subdirectories with
node_modules installed, the VS Code extension scans and injects those files as
system tool context. "System tools" in /context shows 3.2m+ tokens (1600%+ of
the 200k context window), making the session unusable from the start.
This happens even though node_modules is excluded via .claudeignore,
files.exclude in .vscode/settings.json, and denyRead in .claude/settings.json.
What Should Happen?
node_modules directories should be excluded from workspace context scanning,
consistent with the exclusions defined in .claudeignore, files.exclude, and
permission settings.
Error Messages/Logs
⚠ Context is 1621% full
Autocompact will trigger soon, which discards older messages. Use /compact
now to control what gets kept.
Steps to Reproduce
- Open a workspace root in VS Code that contains subdirectories
(e.g. a multi-repo workspace — the root itself is not a git repo)
- Run pnpm install (or npm install) in one of the subdirectories
- Start a new Claude Code session from the workspace root
- Run /context
Result: "System tools" shows 3.2m tokens (1616%)
Expected: System tools shows a few thousand tokens
Workaround: deleting node_modules before starting Claude Code brings
"System tools" back to a normal size. Starting Claude Code from inside
the subdirectory instead of the workspace root also avoids the issue.
Claude Model
None
Is this a regression?
No, this never worked
Last Working Version
_No response_
Claude Code Version
2.1.92 (Claude Code)
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
WSL (Windows Subsystem for Linux)
Additional Information
.claudeignore at workspace root contains /node_modules/
.vscode/settings.json contains files.exclude: { "/node_modules": true }
.claude/settings.json contains denyRead: ["/node_modules/"]
None of these prevent the injection. The issue appears to be that the VS Code
extension performs its own workspace scan independently of these exclusion
mechanisms.
On MacOS in same Project I don't have this behavior also with node_modules installed and run from project root.
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗