![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@types/vscode
Advanced tools
Package description
@types/vscode provides TypeScript definitions for the Visual Studio Code (VSCode) API, enabling developers to write extensions for VSCode with type safety and IntelliSense support.
Creating Commands
This feature allows you to create custom commands that can be executed from the command palette. The code sample demonstrates how to register a command that shows a 'Hello World!' message.
const vscode = require('vscode');
function activate(context) {
let disposable = vscode.commands.registerCommand('extension.sayHello', function () {
vscode.window.showInformationMessage('Hello World!');
});
context.subscriptions.push(disposable);
}
exports.activate = activate;
Creating Status Bar Items
This feature allows you to create items in the status bar. The code sample demonstrates how to create a status bar item with custom text and an icon.
const vscode = require('vscode');
function activate(context) {
let myStatusBarItem = vscode.window.createStatusBarItem(vscode.StatusBarAlignment.Right, 100);
myStatusBarItem.text = '$(beaker) My Extension';
myStatusBarItem.show();
context.subscriptions.push(myStatusBarItem);
}
exports.activate = activate;
Creating Webviews
This feature allows you to create webviews, which are custom HTML/CSS/JS-based views within VSCode. The code sample demonstrates how to create a simple webview that displays 'Hello from Webview'.
const vscode = require('vscode');
function activate(context) {
let disposable = vscode.commands.registerCommand('extension.openWebview', function () {
const panel = vscode.window.createWebviewPanel(
'webview',
'My Webview',
vscode.ViewColumn.One,
{}
);
panel.webview.html = getWebviewContent();
});
context.subscriptions.push(disposable);
}
function getWebviewContent() {
return `<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Webview</title>
</head>
<body>
<h1>Hello from Webview</h1>
</body>
</html>`;
}
exports.activate = activate;
The 'vscode' package provides the actual API for developing extensions for Visual Studio Code. It is the runtime library that works in conjunction with @types/vscode to provide the full development experience.
The 'vscode-languageclient' package is used to implement language servers in VSCode. It provides a higher-level API for integrating language servers with VSCode, making it easier to add language support to the editor.
The 'vscode-test' package provides utilities for testing VSCode extensions. It allows you to run integration tests for your extensions in a headless VSCode instance, ensuring that your extension works as expected.
Readme
npm install --save @types/vscode
This package contains type definitions for vscode (https://github.com/microsoft/vscode).
Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/vscode.
These definitions were written by Visual Studio Code Team, and Microsoft.
FAQs
Unknown package
We found that @types/vscode demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.