Merge remote-tracking branch 'Parent/main' into Current

.dockerignore

@@ -0,0 +1,12 @@
+node_modules/
+out/
+npm-debug.log
+!src/test/**/node_modules
+Dockerfile
+.gitignore
+.npmignore
+LICENSE
+README.md
+SECURITY.md
+azure-pipelines.yml
+ThirdPartyNotices.txt

.gitignore

@@ -0,0 +1,6 @@
+node_modules/
+out/
+dist/
+npm-debug.log
+!src/test/**/node_modules
+yarn.lock

.npmignore

@@ -0,0 +1,13 @@
+.github/
+.vscode/
+build/
+src/
+out/test/
+out/**/*.d.ts
+.dockerignore
+.gitignore
+Dockerfile
+SECURITY.md
+tsconfig.json
+api-extractor.json
+**/*.js.map

.vscode/extensions.json

@@ -0,0 +1,8 @@
+{
+  // See http://go.microsoft.com/fwlink/?LinkId=827846 to learn about workspace recommendations.
+  // Extension identifier format: ${publisher}.${name}. Example: vscode.csharp
+  // List of extensions which should be recommended for users of this workspace.
+  "recommendations": ["hbenl.vscode-mocha-test-adapter"],
+  // List of extensions recommended by VS Code that should not be recommended for users of this workspace.
+  "unwantedRecommendations": []
+}

.vscode/launch.json

@@ -0,0 +1,21 @@
+{
+	// Use IntelliSense to learn about possible attributes.
+	// Hover to view descriptions of existing attributes.
+	// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+	"version": "0.2.0",
+	"configurations": [
+		{
+			"type": "node",
+			"request": "launch",
+			"name": "Launch Program",
+			// "cwd": "<absolute path to your extension>",
+			"program": "${workspaceFolder}/vsce",
+			"args": [
+				"--version"
+				// "ls", "package", "publish"
+			],
+			"sourceMaps": true,
+			"outputCapture": "std"
+		}
+	]
+}

.vscode/settings.json

@@ -0,0 +1,11 @@
+// Place your settings in this file to overwrite default and user settings.
+{
+  "editor.insertSpaces": false,
+  "search.exclude": {
+    "**/node_modules": true,
+    "out": true
+  },
+  "typescript.tsdk": "./node_modules/typescript/lib",
+  "git.branchProtection": ["main"],
+  "files.associations": { "*.json": "jsonc" }
+}

.vscode/tasks.json

@@ -0,0 +1,28 @@
+{
+	// See https://go.microsoft.com/fwlink/?LinkId=733558
+	// for the documentation about the tasks.json format
+	"version": "2.0.0",
+	"tasks": [
+		{
+			"type": "npm",
+			"script": "watch:build",
+			"problemMatcher": ["$tsc-watch"],
+			"group": {
+				"kind": "build",
+				"isDefault": true
+			},
+			"isBackground": true
+		},
+		{
+			"type": "npm",
+			"script": "test",
+			"problemMatcher": [],
+			"label": "npm: test",
+			"detail": "mocha",
+			"group": {
+				"kind": "test",
+				"isDefault": true
+			}
+		}
+	]
+}

Dockerfile

@@ -0,0 +1,13 @@
+FROM node:18-alpine
+RUN apk add --update-cache \
+    libsecret \
+  && rm -rf /var/cache/apk/*
+WORKDIR /opt/vsce
+COPY package.json package-lock.json ./
+RUN npm install
+COPY . .
+RUN npm run compile
+RUN rm package-lock.json tsconfig.json
+VOLUME /workspace
+WORKDIR /workspace
+ENTRYPOINT ["/opt/vsce/vsce"]

LICENSE

@@ -0,0 +1,18 @@
+
+Copyright (c) Microsoft Corporation
+
+All rights reserved. 
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation 
+files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy,
+modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software 
+is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 
+BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT 
+OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,82 @@
+# @vscode/vsce
+
+> _The Visual Studio Code Extension Manager_
+
+[![Build Status](https://dev.azure.com/monacotools/Monaco/_apis/build/status/npm/microsoft.vscode-vsce?repoName=microsoft%2Fvscode-vsce&branchName=main)](https://dev.azure.com/monacotools/Monaco/_build/latest?definitionId=446&repoName=microsoft%2Fvscode-vsce&branchName=main)
+[![Version](https://img.shields.io/npm/v/@vscode/vsce.svg)](https://npmjs.org/package/@vscode/vsce)
+
+This tool assists in packaging and publishing Visual Studio Code extensions.
+
+Read the [**Documentation**](https://code.visualstudio.com/api/working-with-extensions/publishing-extension) on the VS Code website.
+
+## Requirements
+
+[Node.js](https://nodejs.org/en/) at least `20.x.x`.
+
+### Linux
+
+In order to save credentials safely, this project uses [`keytar`](https://www.npmjs.com/package/keytar) which uses `libsecret`, which you may need to install before publishing extensions. Setting the `VSCE_STORE=file` environment variable will revert back to the file credential store. Using the `VSCE_PAT` environment variable will also avoid using `keytar`.
+
+Depending on your distribution, you will need to run the following command:
+
+- Debian/Ubuntu: `sudo apt-get install libsecret-1-dev`
+- Alpine: `apk add libsecret`
+- Red Hat-based: `sudo yum install libsecret-devel`
+- Arch Linux: `sudo pacman -S libsecret`
+
+## Usage
+
+```console
+$ npx @vscode/vsce --version
+```
+
+`@vscode/vsce` is meant to be mainly used as a command-line tool. It can also be used as a library since it exposes a small [API](https://github.com/microsoft/vscode-vsce/blob/main/src/api.ts). When using `@vscode/vsce` as a library, be sure to sanitize any user input used in API calls to prevent security issues.
+
+Supported package managers:
+
+- `npm >=6`
+- `yarn >=1 <2`
+
+## Configuration
+
+You can configure the behavior of `vsce` by using CLI flags (run `vsce --help` to list them all). Example:
+
+```console
+$ npx @vscode/vsce publish --baseImagesUrl https://my.custom/base/images/url
+```
+
+Or you can also set them in the `package.json`, so that you avoid having to retype the common options again. Example:
+
+```jsonc
+// package.json
+{
+  "vsce": {
+    "baseImagesUrl": "https://my.custom/base/images/url",
+    "dependencies": true,
+    "yarn": false
+  }
+}
+```
+
+## Development
+
+First clone this repository, then:
+
+```console
+$ npm install
+$ npm run watch:build # or `watch:test` to also build tests
+```
+
+Once the watcher is up and running, you can run out of sources with:
+
+```console
+$ node vsce
+```
+
+Tests can be executed with:
+
+```console
+$ npm test
+```
+
+> **Note:** [Yarn](https://www.npmjs.com/package/yarn) is required to run the tests.

SECURITY.md

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](<https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)>), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->