squash!

.dockerignore

@@ -9,4 +9,4 @@ LICENSE
 README.md
 SECURITY.md
 azure-pipelines.yml
-ThirdPartyNotices.txt
+ThirdPartyNotices.txt

.gitignore

@@ -3,4 +3,4 @@ out/
 dist/
 npm-debug.log
 !src/test/**/node_modules
-yarn.lock
+yarn.lock

.npmignore

@@ -10,4 +10,4 @@ Dockerfile
 SECURITY.md
 tsconfig.json
 api-extractor.json
-**/*.js.map
+**/*.js.map

Dockerfile

@@ -1,7 +1,7 @@
 FROM node:14-alpine
 RUN apk add --update-cache \
-    libsecret \
-  && rm -rf /var/cache/apk/*
+	libsecret \
+	&& rm -rf /var/cache/apk/*
 WORKDIR /opt/vsce
 COPY package.json package-lock.json ./
 RUN npm install

README.md

@@ -7,20 +7,24 @@
 
 ## Requirements
 
-- [Node.js](https://nodejs.org/en/) at least `14.x.x`
+-   [Node.js](https://nodejs.org/en/) at least `14.x.x`
 
 Or simply [Docker](#usage-via-docker).
 
 ### Linux
 
-In order to save credentials safely, this project uses [keytar](https://www.npmjs.com/package/keytar) which uses `libsecret`, which you may need to install before publishing extensions. Setting the `VSCE_STORE=file` environment variable will revert back to the file credential store. Using the `VSCE_PAT` environment variable will also avoid using keytar.
+In order to save credentials safely, this project uses
+[keytar](https://www.npmjs.com/package/keytar) which uses `libsecret`, which you
+may need to install before publishing extensions. Setting the `VSCE_STORE=file`
+environment variable will revert back to the file credential store. Using the
+`VSCE_PAT` environment variable will also avoid using keytar.
 
 Depending on your distribution, you will need to run the following command:
 
-- Debian/Ubuntu: `sudo apt-get install libsecret-1-dev`
-- Alpine: `apk add libsecret`
-- Red Hat-based: `sudo yum install libsecret-devel`
-- Arch Linux: `sudo pacman -S libsecret`
+-   Debian/Ubuntu: `sudo apt-get install libsecret-1-dev`
+-   Alpine: `apk add libsecret`
+-   Red Hat-based: `sudo yum install libsecret-devel`
+-   Arch Linux: `sudo pacman -S libsecret`
 
 ## Usage
 
@@ -36,7 +40,11 @@ Verify the installation:
 vsce --version
 ```
 
-`vsce` is meant to be mainly used as a command line tool. It can also be used a library since it exposes a small [API](https://github.com/microsoft/vscode-vsce/blob/main/src/api.ts). When using vsce as a library be sure to sanitize any user input used in API calls, as a security measurement.
+`vsce` is meant to be mainly used as a command line tool. It can also be used a
+library since it exposes a small
+[API](https://github.com/microsoft/vscode-vsce/blob/main/src/api.ts). When using
+vsce as a library be sure to sanitize any user input used in API calls, as a
+security measurement.
 
 ## Usage via Docker
 
@@ -60,22 +68,24 @@ docker run --rm -it -v "$(pwd)":/workspace vsce publish
 
 ## Configuration
 
-You can configure the behavior of `vsce` by using CLI flags (run `vsce --help` to list them all). Example:
+You can configure the behavior of `vsce` by using CLI flags (run `vsce --help`
+to list them all). Example:
 
 ```console
 vsce publish --baseImagesUrl https://my.custom/base/images/url
 ```
 
-Or you can also set them in the `package.json`, so that you avoid having to retype the common options again. Example:
+Or you can also set them in the `package.json`, so that you avoid having to
+retype the common options again. Example:
 
 ```jsonc
 // package.json
 {
-  "vsce": {
-    "baseImagesUrl": "https://my.custom/base/images/url",
-    "dependencies": true,
-    "yarn": false
-  }
+	"vsce": {
+		"baseImagesUrl": "https://my.custom/base/images/url",
+		"dependencies": true,
+		"yarn": false
+	}
 }
 ```
 
@@ -101,9 +111,13 @@ Tests can be executed with:
 $ npm test
 ```
 
-> **Note:** [Yarn](https://www.npmjs.com/package/yarn) is required to run the tests.
+> **Note:** [Yarn](https://www.npmjs.com/package/yarn) is required to run the
+> tests.
+
 ## About
 
 This tool assists in packaging and publishing Visual Studio Code extensions.
 
-Read the [**Documentation**](https://code.visualstudio.com/api/working-with-extensions/publishing-extension) on the VS Code website.
+Read the
+[**Documentation**](https://code.visualstudio.com/api/working-with-extensions/publishing-extension)
+on the VS Code website.

SECURITY.md

@@ -2,40 +2,62 @@
 
 ## Security
 
-Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
-
-If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](<https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)>), please report it to us as described below.
+Microsoft takes the security of our software products and services seriously,
+which includes all source code repositories managed through our GitHub
+organizations, which include [Microsoft](https://github.com/Microsoft),
+[Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet),
+[AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and
+[our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned
+repository that meets
+[Microsoft's definition of a security vulnerability](<https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)>),
+please report it to us as described below.
 
 ## Reporting Security Issues
 
 **Please do not report security vulnerabilities through public GitHub issues.**
 
-Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+Instead, please report them to the Microsoft Security Response Center (MSRC) at
+[https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
 
-If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+If you prefer to submit without logging in, send email to
+[secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your
+message with our PGP key; please download it from the
+[Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
 
-You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
+You should receive a response within 24 hours. If for some reason you do not,
+please follow up via email to ensure we received your original message.
+Additional information can be found at
+[microsoft.com/msrc](https://www.microsoft.com/msrc).
 
-Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+Please include the requested information listed below (as much as you can
+provide) to help us better understand the nature and scope of the possible
+issue:
 
-- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
-- Full paths of source file(s) related to the manifestation of the issue
-- The location of the affected source code (tag/branch/commit or direct URL)
-- Any special configuration required to reproduce the issue
-- Step-by-step instructions to reproduce the issue
-- Proof-of-concept or exploit code (if possible)
-- Impact of the issue, including how an attacker might exploit the issue
+-   Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting,
+    etc.)
+-   Full paths of source file(s) related to the manifestation of the issue
+-   The location of the affected source code (tag/branch/commit or direct URL)
+-   Any special configuration required to reproduce the issue
+-   Step-by-step instructions to reproduce the issue
+-   Proof-of-concept or exploit code (if possible)
+-   Impact of the issue, including how an attacker might exploit the issue
 
 This information will help us triage your report more quickly.
 
-If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+If you are reporting for a bug bounty, more complete reports can contribute to a
+higher bounty award. Please visit our
+[Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more
+details about our active programs.
 
 ## Preferred Languages
 
 We prefer all communications to be in English.
 
 ## Policy
 
-Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+Microsoft follows the principle of
+[Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
 
 <!-- END MICROSOFT SECURITY.MD BLOCK -->

Source/api.ts

@@ -1,20 +1,31 @@
-import { publish as _publish, IPublishOptions } from './publish';
-import { packageCommand, listFiles as _listFiles, IPackageOptions } from './package';
+import { publish as _publish, IPublishOptions } from "./publish";
+import {
+	packageCommand,
+	listFiles as _listFiles,
+	IPackageOptions,
+} from "./package";
 
 /**
  * @deprecated prefer IPackageOptions instead
  * @public
  */
 export type IBaseVSIXOptions = Pick<
 	IPackageOptions,
-	'baseContentUrl' | 'baseImagesUrl' | 'githubBranch' | 'gitlabBranch' | 'useYarn' | 'target' | 'preRelease'
+	| "baseContentUrl"
+	| "baseImagesUrl"
+	| "githubBranch"
+	| "gitlabBranch"
+	| "useYarn"
+	| "target"
+	| "preRelease"
 >;
 
 /**
  * @deprecated prefer IPackageOptions instead
  * @public
  */
-export type ICreateVSIXOptions = Pick<IPackageOptions, 'cwd' | 'packagePath'> & IBaseVSIXOptions;
+export type ICreateVSIXOptions = Pick<IPackageOptions, "cwd" | "packagePath"> &
+	IBaseVSIXOptions;
 
 /**
  * The supported list of package managers.
@@ -56,7 +67,7 @@ export interface IListFilesOptions {
 	ignoreFile?: string;
 }
 
-export type { IPackageOptions } from './package';
+export type { IPackageOptions } from "./package";
 
 /**
  * Creates a VSIX from the extension in the current working directory.
@@ -66,7 +77,7 @@ export function createVSIX(options: IPackageOptions = {}): Promise<any> {
 	return packageCommand(options);
 }
 
-export type { IPublishOptions } from './publish';
+export type { IPublishOptions } from "./publish";
 
 /**
  * Publishes the extension in the current working directory.
@@ -92,17 +103,23 @@ export function listFiles(options: IListFilesOptions = {}): Promise<string[]> {
  * Options for the `publishVSIX` function.
  * @public
  */
-export type IPublishVSIXOptions = IPublishOptions & Pick<IPackageOptions, 'target'>;
+export type IPublishVSIXOptions = IPublishOptions &
+	Pick<IPackageOptions, "target">;
 
 /**
  * Publishes a pre-build VSIX.
  * @public
  */
-export function publishVSIX(packagePath: string | string[], options: IPublishVSIXOptions = {}): Promise<any> {
+export function publishVSIX(
+	packagePath: string | string[],
+	options: IPublishVSIXOptions = {}
+): Promise<any> {
 	return _publish({
-		packagePath: typeof packagePath === 'string' ? [packagePath] : packagePath,
+		packagePath:
+			typeof packagePath === "string" ? [packagePath] : packagePath,
 		...options,
-		targets: typeof options.target === 'string' ? [options.target] : undefined,
+		targets:
+			typeof options.target === "string" ? [options.target] : undefined,
 		...{ target: undefined },
 	});
 }