-
Notifications
You must be signed in to change notification settings - Fork 42
Produce and Publish the set of vscode built in extensions
Eclipse Theia is an Eclipse Foundation project, we follow the Foundation's IP process regarding 3PPs (runtime dependencies as well as "build and test" dependencies, obtained from the public npm registry). See the Eclipse Foundation Project Handbook IP section for more details. We use dash-licenses to obtain (mostly) automated approval for the 3PP dependencies used to build the built-in extensions. This is done manually ATM, documented in details here
At the moment this is only informational. This check's results will uncover vulnerabilities in 3PP dependencies, some versions of which now have security vulnerabilities reported against them, that were not known at the time of the corresponding Visual Studio Code product. The portrait has recently improved a lot, because we have made rapid progress in supporting newer vscode extensions API versions. This means the vscode built-in extensions we produce for the newer APIs are based on more recent code, that have accumulated less vulnerability reports. When we catch-up and stay close to the most recent API, the built-in extensions we build here will have close to zero vulnerabilities, when we produce and publish them.
See here for how to run yarn audit, for the full set of built-in extensions.