@vscode/vsce - npm Package Compare versions

Comparing version 2.29.0 to 2.29.1-0

out/publish.js

@@ -43,2 +43,3 @@ "use strict";
 const cockatiel_1 = require("cockatiel");
+const auth_1 = require("./auth");
 const tmpName = (0, util_1.promisify)(tmp.tmpName);
@@ -255,3 +256,3 @@ async function publish(options = {}) {
     if (options.azureCredential) {
-        return await (0, util_2.getAzureCredentialAccessToken)();
+        return await (0, auth_1.getAzureCredentialAccessToken)();
     }
@@ -258,0 +259,0 @@ return (await (0, store_1.getPublisher)(publisher)).pat;

out/util.js

@@ -6,3 +6,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.patchOptionsWithManifest = exports.log = exports.sequence = exports.CancellationToken = exports.isCancelledError = exports.nonnull = exports.flatten = exports.chain = exports.normalize = exports.getAzureCredentialAccessToken = exports.getPublicGalleryAPI = exports.getSecurityRolesAPI = exports.getGalleryAPI = exports.getHubUrl = exports.getMarketplaceUrl = exports.getPublishedUrl = exports.read = void 0;
+exports.patchOptionsWithManifest = exports.log = exports.sequence = exports.CancellationToken = exports.isCancelledError = exports.nonnull = exports.flatten = exports.chain = exports.normalize = exports.getPublicGalleryAPI = exports.getSecurityRolesAPI = exports.getGalleryAPI = exports.getHubUrl = exports.getMarketplaceUrl = exports.getPublishedUrl = exports.read = void 0;
 const util_1 = require("util");
@@ -15,3 +15,2 @@ const read_1 = __importDefault(require("read"));
 const os_1 = require("os");
-const identity_1 = require("@azure/identity");
 const __read = (0, util_1.promisify)(read_1.default);
@@ -56,13 +55,2 @@ function read(prompt, options = {}) {
 exports.getPublicGalleryAPI = getPublicGalleryAPI;
-async function getAzureCredentialAccessToken() {
-    try {
-        const credential = new identity_1.DefaultAzureCredential();
-        const token = await credential.getToken('499b84ac-1321-427f-aa17-267ca6975798/.default');
-        return token.token;
-    }
-    catch (error) {
-        throw new Error('Can not acquire a Microsoft Entra ID access token. Additional information:\n\n' + error);
-    }
-}
-exports.getAzureCredentialAccessToken = getAzureCredentialAccessToken;
 function normalize(path) {
@@ -69,0 +57,0 @@ return path.replace(/\\/g, '/');

package.json

 {
 	"name": "@vscode/vsce",
-	"version": "2.29.0",
+	"version": "2.29.1-0",
 	"description": "VS Code Extensions Manager",
@@ -5,0 +5,0 @@ "repository": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

165979

increased by0.38%

Number of package files

24

increased by4.35%

Lines of code

3338

increased by0.3%

Worsened metrics

Number of low quality alerts

1

increased byInfinity%

Number of low supply chain risk alerts

19

increased by26.67%

No dependency changes