Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
azure-devops-extension-sdk
Advanced tools
Client SDK and TypeScript declare files for developing Azure DevOps extensions.
The core SDK script, DevOps.SDK.js
, enables web extensions to communicate to the host frame and to perform operations like initialization, notifying the host that the extension is loaded or getting context about the current page.
npm install azure-devops-extension-sdk
from the root of your extension projectThis will place DevOps.SDK.js
and DevOps.SDK.debug.js
in node_modules/azure-devops-extension-sdk/lib/
If you are developing a web extension, you will need to reference the SDK script from your HTML pages. For example:
<script src="lib/DevOps.SDK.js"></script>
To ensure the SDK script is packaged with your extension, update your extension manifest (typically vss-extension.json
) and add a new entry to files
:
{
"files": [{
"path": "node_modules/azure-devops-extension-sdk/lib",
"addressable": true,
"packagePath": "lib"
}]
}
Note: setting packagePath
is optional, but results in a simpler path for referencing the SDK script from your HTML pages. Not setting a part name would have required you to reference the full path in your <script>
tag (src="node_modules/azure-devops-extension-sdk/lib/DevOps.SDK.js"
)
From your web extension's HTML page, include and initialize the DevOps SDK like this:
<script>
// Initialize the SDK
DevOps.init({
applyTheme: true, // Supply if your extension is showing UI for it to reflect the user's DevOps theme
loaded: true // Supply if your extension content is ready to be shown. Otherwise call DevOps.notifyLoadSucceeded() when loaded.
});
// Register callback to get called when initial handshake with the host has completed
DevOps.ready(function() {
// Start using the DevOps SDK
});
</script>
Full API reference of DevOps.SDK.js can be found at Core Client SDK page.
Type definitions are provided for:
typings/DevOps.SDK.d.ts
)From a TypeScript 2.5 or later project:
"moduleResolution": "node"
in your tsconfig.json
project fileSee TypeScript Module Resolution for more details.
Alternatively, you can explicitly reference the types at the top of your TypeScript file(s):
/// <reference types="azure-devops-extension-sdk" />
If you are developing a web extension for Azure DevOps using TypeScript, we recommend the following organization:
|-- src
|-- app.ts
|-- some-module
|-- a.ts
|-- b.ts
|-- static
|-- css
|-- main.css
|-- images
|-- logo.png
|-- app.html
|-- vss-extension.json
|-- package.json
|-- tsconfig.json
src
static
tsconfig.json
)Defines the options for compiling your TypeScript files.
{
"compilerOptions": {
"module": "amd",
"moduleResolution": "node",
"target": "es5",
"rootDir": "src/",
"outDir": "dist/",
"types": [
"azure-devops-extension-sdk"
]
}
}
After compiling (tsc -p .
), resulting .js files are placed in dist
. For example, dist/app.js
.
If your code directly uses types from other @types modules, you will want to include the module(s) in your package.json and add them to the types
array. See @types.
Learn more about tsconfig.json
package.json
)Declares the libraries (like the azure-devops-extension-sdk) required to compile, package, and use your extension.
{
/* other details like ID, version, etc are omitted */
"scripts": {
"build": "tsc -p .",
"postbuild": "npm run package",
"package": "tfx extension create",
"gallery-publish": "tfx extension publish --rev-version",
"clean": "rimraf ./dist && rimraf ./*.vsix"
},
"devDependencies": {
"rimraf": "^2.5.4",
"tfx-cli": "^0.3.45",
"typescript": "^2.1.4"
},
"dependencies": {
"azure-devops-extension-sdk": "^1.141.0"
}
}
scripts
provides a convenient way to define common operations that you want to perform on your project, like compiling and packaging.
npm run build
. This runs build
and postbuild
. If you make a change that doesn't require compiling, you can package by simply running npm run package
.postbuild
script to run the gallery-publish
script (instead of package
). You can then run npm run build -- --token xxxxxx
(where xxxx is you personal access token for publishing to the Marketplace) to build, package, and publish your extension.Learn more about package.json
vss-extension.json
){
/* details omitted */
"files": [
{
"path": "dist",
"addressable": true
},
{
"path": "static",
"addressable": true
},
{
"path": "node_modules/azure-devops-extension-sdk/lib",
"addressable": true,
"packagePath": "lib"
}
],
"contributions": [
{
"id": "my-hub",
"type": "ms.vss-web.hub",
"properties": {
"name": "Hub",
"uri": "static/app.html"
}
}
]
}
The compiled JavaScript files (placed into dist
by your tsconfig.json
) will be packaged into the dist
folder of the extension package.
The DevOps SDK scripts will be packaged into the lib
folder of the extension package.
Learn more about the extension manifest.
<head>
<script src="../lib/Devops.SDK.js"></script>
<!--
Alternatively, if the packagePath attribute is not set for this file in your extension manifest (see above), do this:
<script src="../node_modules/azure-devops-extension-sdk/lib/DevOps.SDK.js"></script>
-->
</head>
<body>
<script type="text/javascript">
// Initialize the SDK
DevOps.init({
applyTheme: true, // Supply if your extension is showing UI for it to reflect the user's DevOps theme
loaded: true // Supply if your extension content is ready to be shown. Otherwise call DevOps.notifyLoadSucceeded() when loaded.
});
// Register callback to get called when initial handshake with the host has completed
DevOps.ready(function() {
// Start using the DevOps SDK
});
</script>
</body>
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
FAQs
Azure DevOps web extension JavaScript library.
The npm package azure-devops-extension-sdk receives a total of 1,199 weekly downloads. As such, azure-devops-extension-sdk popularity was classified as popular.
We found that azure-devops-extension-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.