Merge branch 'master' into support-yarn-workspaces

.dockerignore

@@ -0,0 +1,13 @@
+node_modules/
+out/
+npm-debug.log
+!src/test/**/node_modules
+Dockerfile
+.gitignore
+.npmignore
+.prettierignore
+LICENSE
+README.md
+SECURITY.md
+azure-pipelines.yml
+ThirdPartyNotices.txt

.gitignore

@@ -2,4 +2,4 @@ node_modules/
 out/
 npm-debug.log
 !src/test/**/node_modules
-package-lock.json
+yarn.lock

.npmignore

@@ -9,4 +9,6 @@ yarn.lock
 .travis.yml
 .vscode/
 out/**/*.d.ts
-!out/api.d.ts
+!out/api.d.ts
+.dockerignore
+Dockerfile

.vscode/extensions.json

@@ -2,7 +2,7 @@
 	// See http://go.microsoft.com/fwlink/?LinkId=827846 to learn about workspace recommendations.
 	// Extension identifier format: ${publisher}.${name}. Example: vscode.csharp
 	// List of extensions which should be recommended for users of this workspace.
-	"recommendations": ["hbenl.vscode-mocha-test-adapter"],
+	"recommendations": ["hbenl.vscode-mocha-test-adapter", "esbenp.prettier-vscode"],
 	// List of extensions recommended by VS Code that should not be recommended for users of this workspace.
 	"unwantedRecommendations": []
 }

.vscode/settings.json

@@ -6,5 +6,13 @@
 		"out": true
 	},
 	"typescript.tsdk": "./node_modules/typescript/lib",
-	"mochaExplorer.files": "out/**/test/*.test.js"
+	"[json]": {
+		"editor.defaultFormatter": "esbenp.prettier-vscode"
+	},
+	"[jsonc]": {
+		"editor.defaultFormatter": "esbenp.prettier-vscode"
+	},
+	"[typescript]": {
+		"editor.defaultFormatter": "esbenp.prettier-vscode"
+	}
 }

.vscode/tasks.json

@@ -5,7 +5,7 @@
 	"tasks": [
 		{
 			"type": "npm",
-			"script": "watch",
+			"script": "watch:build",
 			"problemMatcher": ["$tsc-watch"],
 			"group": {
 				"kind": "build",

Dockerfile

@@ -0,0 +1,10 @@
+FROM node:12-alpine
+WORKDIR /opt/vsce
+COPY package.json package-lock.json .
+RUN npm install
+COPY . .
+RUN npm run compile
+RUN rm package-lock.json tsconfig.json
+VOLUME /workspace
+WORKDIR /workspace
+ENTRYPOINT ["/opt/vsce/out/vsce"]

README.md

@@ -2,31 +2,65 @@
 
 > _The Visual Studio Code Extension Manager_
 
-[![Build Status](https://dev.azure.com/vscode/VSCE/_apis/build/status/VSCE?branchName=master)](https://dev.azure.com/vscode/VSCE/_build/latest?definitionId=16&branchName=master) [![npm version](https://badge.fury.io/js/vsce.svg)](https://badge.fury.io/js/vsce)
+[![Build Status](https://dev.azure.com/vscode/VSCE/_apis/build/status/VSCE?branchName=main)](https://dev.azure.com/vscode/VSCE/_build/latest?definitionId=16&branchName=main) [![npm version](https://badge.fury.io/js/vsce.svg)](https://badge.fury.io/js/vsce)
 
 ## Requirements
 
 - [Node.js](https://nodejs.org/en/) at least `10.x.x`
 
+Or simply [Docker](#via-docker).
+
 ## Usage
 
-`vsce` is meant to be mainly used as a command line tool. It can also be used a library since it exposes a small [API](https://github.com/microsoft/vscode-vsce/blob/master/src/api.ts).
+Install vsce globally:
+
+```sh
+npm install -g vsce
+```
+
+Verify the installation:
+
+```sh
+vsce --version
+```
+
+`vsce` is meant to be mainly used as a command line tool. It can also be used a library since it exposes a small [API](https://github.com/microsoft/vscode-vsce/blob/main/src/api.ts). When using vsce as a library be sure to sanitize any user input used in API calls, as a security measurement.
+
+## Usage via Docker
+
+You can also build a container for running vsce:
 
-> **Warning:** When using vsce as a library be sure to sanitize any user input used in API calls, as a security measure.
+```sh
+git clone https://github.com/microsoft/vscode-vsce
+cd vscode-vsce
+docker build -t vsce .
+```
+
+Validate the container:
+
+```sh
+docker run -it vsce --version
+```
+
+Publish your local extension:
+
+```sh
+docker run -it -v $(pwd):/workspace vsce publish
+```
 
 ## Development
 
 First clone this repository, then:
 
 ```sh
-yarn
-yarn watch # or `watch-test` to also run tests
+npm i
+npm run watch # or `watch-test` to also run tests
 ```
 
 Once the watcher is up and running, you can run out of sources with:
 
 ```sh
-yarn vsce
+npm run vsce
 ```
 
 ### Publish to NPM

SECURITY.md

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](<https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)>), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [[email protected]](mailto:[email protected]). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

azure-pipelines.yml

@@ -9,17 +9,13 @@ steps:
     inputs:
       versionSpec: '10.x'
 
-  - task: geeklearningio.gl-vsts-tasks-yarn.yarn-installer-task.YarnInstaller@2
-    inputs:
-      versionSpec: '1.x'
-
-  - script: yarn
+  - script: npm install
     displayName: Install Dependencies
 
-  - script: yarn compile
-    displayName: Compile
+  - script: npm run build
+    displayName: Build
 
-  - script: yarn test
+  - script: npm run test
     displayName: Run Tests
 
   - task: Npm@1