Security News
vlt Debuts New JavaScript Package Manager and Serverless Registry at NodeConf EU
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.
@vscode/vsce
Advanced tools
@vscode/vsce is a command-line tool designed to help developers package, publish, and manage Visual Studio Code extensions. It simplifies the process of creating and distributing extensions by providing a set of commands that handle common tasks such as packaging the extension into a .vsix file, publishing it to the Visual Studio Code Marketplace, and more.
Packaging an Extension
This feature allows you to package your Visual Studio Code extension into a .vsix file, which can then be shared or published. The code sample demonstrates how to use the `createVSIX` method to package an extension.
const vsce = require('@vscode/vsce');
async function packageExtension() {
try {
await vsce.createVSIX();
console.log('Extension packaged successfully');
} catch (error) {
console.error('Error packaging extension:', error);
}
}
packageExtension();
Publishing an Extension
This feature allows you to publish your extension to the Visual Studio Code Marketplace. The code sample demonstrates how to use the `publish` method with a personal access token to publish an extension.
const vsce = require('@vscode/vsce');
async function publishExtension() {
try {
await vsce.publish({
pat: 'your-personal-access-token'
});
console.log('Extension published successfully');
} catch (error) {
console.error('Error publishing extension:', error);
}
}
publishExtension();
Listing Published Extensions
This feature allows you to list all the extensions you have published. The code sample demonstrates how to use the `list` method to retrieve and display the list of published extensions.
const vsce = require('@vscode/vsce');
async function listExtensions() {
try {
const extensions = await vsce.list();
console.log('Published extensions:', extensions);
} catch (error) {
console.error('Error listing extensions:', error);
}
}
listExtensions();
Yeoman (yo) is a scaffolding tool that helps developers quickly set up new projects with best practices and tools. While it is not specific to Visual Studio Code extensions, it can be used to generate the initial structure of a VS Code extension project. Compared to @vscode/vsce, Yeoman focuses more on project scaffolding rather than packaging and publishing.
generator-code is a Yeoman generator specifically designed for creating Visual Studio Code extensions. It helps you scaffold a new extension project with all the necessary files and configurations. Unlike @vscode/vsce, which focuses on packaging and publishing, generator-code is used for the initial setup of the extension project.
vsce is the original command-line tool for packaging and publishing Visual Studio Code extensions. It provides similar functionalities to @vscode/vsce, such as creating .vsix files and publishing to the marketplace. The main difference is that @vscode/vsce is a more recent and possibly more maintained version of the tool.
The Visual Studio Code Extension Manager
14.x.x
Or simply Docker.
In order to save credentials safely, this project uses keytar which uses libsecret
, which you may need to install before publishing extensions. Setting the VSCE_STORE=file
environment variable will revert back to the file credential store. Using the VSCE_PAT
environment variable will also avoid using keytar.
Depending on your distribution, you will need to run the following command:
sudo apt-get install libsecret-1-dev
apk add libsecret
sudo yum install libsecret-devel
sudo pacman -S libsecret
Install vsce globally:
npm install --global @vscode/vsce
Verify the installation:
vsce --version
vsce
is meant to be mainly used as a command line tool. It can also be used a library since it exposes a small API. When using vsce as a library be sure to sanitize any user input used in API calls, as a security measurement.
You can also build a container for running vsce:
$ DOCKER_BUILDKIT=1 docker build --tag vsce "https://github.com/microsoft/vscode-vsce.git#main"
Validate the container:
docker run --rm -it vsce --version
Publish your local extension:
docker run --rm -it -v "$(pwd)":/workspace vsce publish
You can configure the behavior of vsce
by using CLI flags (run vsce --help
to list them all). Example:
vsce publish --baseImagesUrl https://my.custom/base/images/url
Or you can also set them in the package.json
, so that you avoid having to retype the common options again. Example:
// package.json
{
"vsce": {
"baseImagesUrl": "https://my.custom/base/images/url"
"dependencies": true,
"yarn": false
}
}
First clone this repository, then:
$ npm install
$ npm run watch:build # or `watch:test` to also build tests
Once the watcher is up and running, you can run out of sources with:
node vsce
This tool assists in packaging and publishing Visual Studio Code extensions.
Read the Documentation on the VS Code website.
FAQs
VS Code Extensions Manager
The npm package @vscode/vsce receives a total of 61,494 weekly downloads. As such, @vscode/vsce popularity was classified as popular.
We found that @vscode/vsce demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.
Security News
Research
The Socket Research Team uncovered a malicious Python package typosquatting the popular 'fabric' SSH library, silently exfiltrating AWS credentials from unsuspecting developers.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.