Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@vscode/vsce

Package Overview
Dependencies
Maintainers
7
Versions
85
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@vscode/vsce - npm Package Compare versions

Comparing version 2.25.1-3 to 2.25.1-4

1

dist/vsce.d.ts

@@ -165,2 +165,3 @@ /// <reference types="node" />

readonly pat?: string;
readonly azureCredential?: boolean;
readonly allowProposedApi?: boolean;

@@ -167,0 +168,0 @@ readonly noVerify?: boolean;

12

out/main.js

@@ -146,2 +146,3 @@ "use strict";

.option('-p, --pat <token>', 'Personal Access Token (defaults to VSCE_PAT environment variable)', process.env['VSCE_PAT'])
.option('--azure-credential', 'Use Microsoft Entra ID for authentication')
.option('-t, --target <targets...>', `Target architectures. Valid targets: ${ValidTargets}`)

@@ -174,4 +175,5 @@ .option('--ignore-other-target-folders', `Ignore other target folders. Valid only when --target <target> is provided.`)

.option('--skip-license', 'Allow publishing without license file')
.action((version, { pat, target, ignoreOtherTargetFolders, readmePath, changelogPath, message, gitTagVersion, updatePackageJson, packagePath, sigzipPath, githubBranch, gitlabBranch, baseContentUrl, baseImagesUrl, yarn, noVerify, allowProposedApis, allowAllProposedApis, ignoreFile, dependencies, preRelease, allowStarActivation, allowMissingRepository, skipDuplicate, skipLicense, }) => main((0, publish_1.publish)({
.action((version, { pat, azureCredential, target, ignoreOtherTargetFolders, readmePath, changelogPath, message, gitTagVersion, updatePackageJson, packagePath, sigzipPath, githubBranch, gitlabBranch, baseContentUrl, baseImagesUrl, yarn, noVerify, allowProposedApis, allowAllProposedApis, ignoreFile, dependencies, preRelease, allowStarActivation, allowMissingRepository, skipDuplicate, skipLicense, }) => main((0, publish_1.publish)({
pat,
azureCredential,
version,

@@ -207,4 +209,5 @@ targets: target,

.option('-p, --pat <token>', 'Personal Access Token')
.option('--azure-credential', 'Use Microsoft Entra ID for authentication')
.option('-f, --force', 'Skip confirmation prompt when unpublishing an extension')
.action((id, { pat, force }) => main((0, publish_1.unpublish)({ id, pat, force })));
.action((id, { pat, azureCredential, force }) => main((0, publish_1.unpublish)({ id, pat, azureCredential, force })));
commander_1.default

@@ -228,5 +231,6 @@ .command('ls-publishers')

.command('verify-pat [publisher]')
.description('Verifies if the Personal Access Token has publish rights for the publisher')
.description('Verifies if the Personal Access Token or Azure identity has publish rights for the publisher')
.option('-p, --pat <token>', 'Personal Access Token (defaults to VSCE_PAT environment variable)', process.env['VSCE_PAT'])
.action((publisherName, { pat }) => main((0, store_1.verifyPat)({ publisherName, pat })));
.option('--azure-credential', 'Use Microsoft Entra ID for authentication')
.action((publisherName, { pat, azureCredential }) => main((0, store_1.verifyPat)({ publisherName, pat, azureCredential })));
commander_1.default

@@ -233,0 +237,0 @@ .command('show <extensionid>')

16

out/publish.js

@@ -29,3 +29,3 @@ "use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.unpublish = exports.publish = void 0;
exports.getPAT = exports.unpublish = exports.publish = void 0;
const fs = __importStar(require("fs"));

@@ -103,3 +103,3 @@ const util_1 = require("util");

async function _publish(packagePath, sigzipPath, manifest, options) {
const pat = options.pat ?? (await (0, store_1.getPublisher)(manifest.publisher)).pat;
const pat = await getPAT(manifest.publisher, options);
const api = await (0, util_2.getGalleryAPI)(pat);

@@ -216,3 +216,3 @@ const packageStream = fs.createReadStream(packagePath);

}
const pat = options.pat ?? (await (0, store_1.getPublisher)(publisher)).pat;
const pat = await getPAT(publisher, options);
const api = await (0, util_2.getGalleryAPI)(pat);

@@ -235,2 +235,12 @@ await api.deleteExtension(publisher, name);

}
async function getPAT(publisher, options) {
if (options.pat) {
return options.pat;
}
if (options.azureCredential) {
return await (0, util_2.getAzureCredentialAccessToken)();
}
return (await (0, store_1.getPublisher)(publisher)).pat;
}
exports.getPAT = getPAT;
//# sourceMappingURL=publish.js.map

3

out/store.js

@@ -33,2 +33,3 @@ "use strict";

const package_1 = require("./package");
const publish_1 = require("./publish");
class FileStore {

@@ -117,3 +118,3 @@ constructor(path, publishers) {

const publisherName = options.publisherName ?? (await (0, package_1.readManifest)()).publisher;
const pat = options.pat ?? (await getPublisher(publisherName)).pat;
const pat = await (0, publish_1.getPAT)(publisherName, options);
try {

@@ -120,0 +121,0 @@ // If the caller of the `getRoleAssignments` API has any of the roles

14

out/util.js

@@ -6,3 +6,3 @@ "use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.patchOptionsWithManifest = exports.log = exports.sequence = exports.CancellationToken = exports.isCancelledError = exports.nonnull = exports.flatten = exports.chain = exports.normalize = exports.getPublicGalleryAPI = exports.getSecurityRolesAPI = exports.getGalleryAPI = exports.getHubUrl = exports.getMarketplaceUrl = exports.getPublishedUrl = exports.read = void 0;
exports.patchOptionsWithManifest = exports.log = exports.sequence = exports.CancellationToken = exports.isCancelledError = exports.nonnull = exports.flatten = exports.chain = exports.normalize = exports.getAzureCredentialAccessToken = exports.getPublicGalleryAPI = exports.getSecurityRolesAPI = exports.getGalleryAPI = exports.getHubUrl = exports.getMarketplaceUrl = exports.getPublishedUrl = exports.read = void 0;
const util_1 = require("util");

@@ -15,2 +15,3 @@ const read_1 = __importDefault(require("read"));

const os_1 = require("os");
const identity_1 = require("@azure/identity");
const __read = (0, util_1.promisify)(read_1.default);

@@ -55,2 +56,13 @@ function read(prompt, options = {}) {

exports.getPublicGalleryAPI = getPublicGalleryAPI;
async function getAzureCredentialAccessToken() {
try {
const credential = new identity_1.DefaultAzureCredential();
const token = await credential.getToken('499b84ac-1321-427f-aa17-267ca6975798/.default');
return token.token;
}
catch (error) {
throw new Error('Can not acquire a Microsoft Entra ID access token. Additional information:\n\n' + error);
}
}
exports.getAzureCredentialAccessToken = getAzureCredentialAccessToken;
function normalize(path) {

@@ -57,0 +69,0 @@ return path.replace(/\\/g, '/');

3

package.json
{
"name": "@vscode/vsce",
"version": "2.25.1-3",
"version": "2.25.1-4",
"description": "VS Code Extensions Manager",

@@ -41,2 +41,3 @@ "repository": {

"dependencies": {
"@azure/identity": "^4.1.0",
"azure-devops-node-api": "^12.5.0",

@@ -43,0 +44,0 @@ "chalk": "^2.4.2",

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc