Merge branch 'main' into pr/418

.dockerignore

@@ -0,0 +1,10 @@
+node_modules/
+out/
+npm-debug.log
+!src/test/**/node_modules
+package-lock.json
+Dockerfile
+.gitignore
+LICENSE
+README.md
+ThirdPartyNotices.txt

.gitignore

@@ -2,4 +2,4 @@ node_modules/
 out/
 npm-debug.log
 !src/test/**/node_modules
-package-lock.json
+yarn.lock

.npmignore

@@ -9,4 +9,6 @@ yarn.lock
 .travis.yml
 .vscode/
 out/**/*.d.ts
-!out/api.d.ts
+!out/api.d.ts
+.dockerignore
+Dockerfile

.prettierignore

@@ -0,0 +1,3 @@
+out
+resources
+fixtures

.vscode/extensions.json

@@ -2,9 +2,7 @@
 	// See http://go.microsoft.com/fwlink/?LinkId=827846 to learn about workspace recommendations.
 	// Extension identifier format: ${publisher}.${name}. Example: vscode.csharp
 	// List of extensions which should be recommended for users of this workspace.
-	"recommendations": [
-		"hbenl.vscode-mocha-test-adapter",
-	],
+	"recommendations": ["hbenl.vscode-mocha-test-adapter"],
 	// List of extensions recommended by VS Code that should not be recommended for users of this workspace.
 	"unwantedRecommendations": []
-}
+}

.vscode/launch.json

@@ -8,13 +8,14 @@
 			"type": "node",
 			"request": "launch",
 			"name": "Launch Program",
+			// "cwd": "<absolute path to your extension>",
 			"program": "${workspaceFolder}/out/vsce",
 			"args": [
 				"--version"
+				// "ls", "package", "publish"
 			],
 			"sourceMaps": true,
-			"outputCapture": "std",
-			"preLaunchTask": "compile"
+			"outputCapture": "std"
 		}
 	]
-}
+}

.vscode/settings.json

@@ -7,4 +7,4 @@
 	},
 	"typescript.tsdk": "./node_modules/typescript/lib",
 	"mochaExplorer.files": "out/**/test/*.test.js"
-}
+}

.vscode/tasks.json

@@ -1,16 +1,21 @@
 {
-	// See https://go.microsoft.com/fwlink/?LinkId=733558 
+	// See https://go.microsoft.com/fwlink/?LinkId=733558
 	// for the documentation about the tasks.json format
 	"version": "2.0.0",
 	"tasks": [
 		{
 			"type": "npm",
 			"script": "watch",
-			"problemMatcher": [
-				"$tsc-watch"
-			],
-			"group": "build",
+			"problemMatcher": ["$tsc-watch"],
+			"group": {
+				"kind": "build",
+				"isDefault": true
+			},
 			"isBackground": true
+		},
+		{
+			"type": "npm",
+			"script": "test"
 		}
 	]
-}
+}

Dockerfile

@@ -0,0 +1,10 @@
+FROM node:12-alpine
+WORKDIR /opt/vsce
+COPY package.json .
+COPY yarn.lock .
+RUN yarn
+COPY . .
+RUN yarn compile
+VOLUME /workspace
+WORKDIR /workspace
+ENTRYPOINT ["/opt/vsce/out/vsce"]

README.md

@@ -1,32 +1,66 @@
 # vsce
 
-> *The Visual Studio Code Extension Manager*
+> _The Visual Studio Code Extension Manager_
 
-[![Build Status](https://dev.azure.com/vscode/VSCE/_apis/build/status/VSCE?branchName=master)](https://dev.azure.com/vscode/VSCE/_build/latest?definitionId=16&branchName=master) [![npm version](https://badge.fury.io/js/vsce.svg)](https://badge.fury.io/js/vsce)
+[![Build Status](https://dev.azure.com/vscode/VSCE/_apis/build/status/VSCE?branchName=main)](https://dev.azure.com/vscode/VSCE/_build/latest?definitionId=16&branchName=main) [![npm version](https://badge.fury.io/js/vsce.svg)](https://badge.fury.io/js/vsce)
 
 ## Requirements
 
-- [Node.js](https://nodejs.org/en/) at least `8.x.x`
+- [Node.js](https://nodejs.org/en/) at least `10.x.x`
+
+Or simply [Docker](#via-docker).
 
 ## Usage
 
-`vsce` is meant to be mainly used as a command line tool. It can also be used a library since it exposes a small [API](https://github.com/microsoft/vscode-vsce/blob/master/src/api.ts).
+Install vsce globally:
+
+```sh
+npm install -g vsce
+```
+
+Verify the installation:
+
+```sh
+vsce --version
+```
+
+`vsce` is meant to be mainly used as a command line tool. It can also be used a library since it exposes a small [API](https://github.com/microsoft/vscode-vsce/blob/main/src/api.ts). When using vsce as a library be sure to sanitize any user input used in API calls, as a security measurement.
+
+## Usage via Docker
+
+You can also build a container for running vsce:
 
-> **Warning:** When using vsce as a library be sure to sanitize any user input used in API calls, as a security measurement.
+```sh
+git clone https://github.com/microsoft/vscode-vsce
+cd vscode-vsce
+docker build -t vsce .
+```
+
+Validate the container:
+
+```sh
+docker run -it vsce --version
+```
+
+Publish your local extension:
+
+```sh
+docker run -it -v $(pwd):/workspace vsce publish
+```
 
 ## Development
 
 First clone this repository, then:
 
 ```sh
-yarn
-yarn watch # or `watch-test` to also run tests
+npm i
+npm run watch # or `watch-test` to also run tests
 ```
 
 Once the watcher is up and running, you can run out of sources with:
 
 ```sh
-yarn vsce
+npm run vsce
 ```
 
 ### Publish to NPM

SECURITY.md

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](<https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)>), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [[email protected]](mailto:[email protected]). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

azure-pipelines.yml

@@ -5,27 +5,27 @@ trigger:
     include: ['*']
 
 steps:
-- task: NodeTool@0
-  inputs:
-    versionSpec: "8.x"
+  - task: NodeTool@0
+    inputs:
+      versionSpec: '10.x'
 
-- task: geeklearningio.gl-vsts-tasks-yarn.yarn-installer-task.YarnInstaller@2
-  inputs:
-    versionSpec: "1.x"
+  - task: geeklearningio.gl-vsts-tasks-yarn.yarn-installer-task.YarnInstaller@2
+    inputs:
+      versionSpec: '1.x'
 
-- script: yarn
-  displayName: Install Dependencies
+  - script: yarn
+    displayName: Install Dependencies
 
-- script: yarn compile
-  displayName: Compile
+  - script: yarn compile
+    displayName: Compile
 
-- script: yarn test
-  displayName: Run Tests
+  - script: yarn test
+    displayName: Run Tests
 
-- task: Npm@1
-  displayName: 'Publish to NPM'
-  inputs:
-    command: publish
-    verbose: false
-    publishEndpoint: 'NPM'
-  condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags/'))
+  - task: Npm@1
+    displayName: 'Publish to NPM'
+    inputs:
+      command: publish
+      verbose: false
+      publishEndpoint: 'NPM'
+    condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/tags/'))