Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@codingame/monaco-vscode-api
Advanced tools
NPM module that implements the VSCode api and redirects calls to Monaco editor.
The VSCode api is composed of:
Also, monaco-editor use standalone
versions or the vscode services, which are much simpler.
You may want to provide your custom implementations of them. To do so, you can use the initialize
method from vscode/services
.
Also, monaco-editor doesn't provide good type for them, so this library does it.
Example:
import { StandaloneServices, INotificationService, initialize } from 'vscode/services'
class MyCustomNotificationService implements INotificationService { ... }
await initialize({
get [INotificationService.toString()] () {
return new MyCustomNotificationService(...)
}
})
Additionally, this library exposes 11 modules that include the vscode version of some services (with some glue to make it work with monaco):
vscode/service-override/notifications
vscode/service-override/dialogs
vscode/service-override/modelEditor
vscode/service-override/configuration
vscode/service-override/keybindings
vscode/service-override/languages
vscode/service-override/textmate
vscode/service-override/snippets
vscode/service-override/theme
vscode/service-override/audioCue
vscode/service-override/debug
vscode/service-override/files
vscode/service-override/preferences
Usage:
import { initialize } from 'vscode/services'
import getModelEditorServiceOverride from 'vscode/service-override/modelEditor'
import getConfigurationServiceOverride, { updateUserConfiguration, configurationRegistry } from 'vscode/service-override/configuration'
await initialize({
...getModelEditorServiceOverride((model, input, sideBySide) => {
// Open a new editor here and return it
// It will be called when for instance the user ctrl+click on an import
}),
...getConfigurationServiceOverride(monaco.Uri.file('/tmp/'))
})
updateUserConfiguration(`{
"editor.fontSize": 12,
"[java]": {
"editor.fontSize": 15,
}
}`)
initialize
can only be called once ( and it should be called BEFORE creating your first editor).
The editors created using monaco.editor.create
don't use the configuration from the configurationService.
This library exposes functions to create editors binded on the configuration service:
before:
import * as monaco from 'monaco-editor'
const model = monaco.editor.createModel(...)
const editor = monaco.editor.create({ model, ... })
...
model.dispose()
editor.dispose()
after:
import { createConfiguredEditor, createModelReference } from 'vscode/monaco'
const modelRef = await createModelReference(...)
const editor = createConfiguredEditor({ model: modelRef.object.textEditorModel })
...
await modelRef.object.save()
...
modelRef.dispose()
editor.dispose()
createConfiguredEditor
returns a subclass of what is returned by monaco.editor.create
, the updateOptions
method can still be used.
The only difference is that is will use the configurationService
as a default configuration
createModelReference
return a reference to a model. The value is fetched from the memory filesystem (which is written if you provide the second argument).
The reference can then be disposed, the model will only be disposed if there is no remaining references.
npm install vscode@npm:@codingame/monaco-vscode-api
npm install -D @types/vscode
You can just import it as if you were in a vscode extension:
import * as vscode from 'vscode'
import { initialize } from 'vscode/extensions'
await initialize()
const range = new vscode.Range(...)
vscode.languages.registerCompletionItemProvider(...)
The api will use the manifest of a default vscode extension, which can be overriden by providing it to the initialize
function.
You can also register a new extension from its manifest:
import { registerExtension, initialize as initializeVscodeExtensions } from 'vscode/extensions'
await initialize()
const { registerFile: registerExtensionFile, api: vscodeApi } = registerExtension(defaultThemesExtensions)
registerExtensionFile('/file.json', async () => fileContent)
vscodeApi.languages.registerCompletionItemProvider(...)
VSCode uses a bunch of default extensions. Most of them are used to load the default languages and grammars (see https://github.com/microsoft/vscode/tree/main/extensions).
This library bundles most of them and allows to import the ones you want:
import 'vscode/default-extensions/javascript'
import 'vscode/default-extensions/json'
...
VSCode extension are bundled as vsix files. This library exposes a rollup plugin (vite-compatible) that allows to load a vsix file. The code is not used, only the declarative part in the manifest.
import vsixPlugin from 'vscode/rollup-vsix-plugin'
...
plugins: [
...,
vsixPlugin()
]
import './extension.vsix'
Try it out on https://codingame.github.io/monaco-vscode-api/
There is a demo that showcases the service-override features. It allows to register contributions with the same syntaxes as in VSCode. It includes:
It also uses the synchronizeJsonSchemas
function to register them on the monaco json worker and have autocomplete/hover on settings and keybindings.
From CLI run:
cd demo
npm ci
npm start
# OR: for vite debug output
npm run start:debug
For the debug feature, also run:
npm run start:debugServer
This project was mainly created to make the implementation of monaco-languageclient more robust and maintainable.
monaco-languageclient uses vscode-languageclient which was built to run inside a VSCode extension. VSCode extensions communicate with the editor via an API they can import into their code.
The VSCode api exports:
The first implementations of monaco-languageclient were using a fake VSCode api implementation. The vscode-languageclient was hacked so the VSCode<->protocol object converters were mainly bypassed, so the fake VSCode api was receiving Language Server Protocol objects. Then the objects were transformed using custom transformers into Monaco objects to communicate with the monaco api.
This approach has some disadvantages:
With this library, it would be possible to plug vscode-languageclient directly on top of monaco, monaco-languageclient still helps to do so by:
FAQs
VSCode public API plugged on the monaco editor
We found that @codingame/monaco-vscode-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.