vscode-openvsx-extension-publish
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the execution of several local commands to facilitate the publishing process.
- Generates a local script
_generate-icon.mjsto create an SVG icon and executes it using Node.js. - Uses the
codeCLI to install and uninstall.vsixpackages for local verification. - Uses the
ghCLI to automate the creation of a namespace claim issue on the official Open VSX repository. - [EXTERNAL_DOWNLOADS]: Utilizes
npxto download and execute well-known extension management tools. - Fetches
@vscode/vscefrom the official Microsoft/VSCode registry for packaging and publishing. - Fetches
ovsxfrom the Eclipse Foundation for Open VSX compatibility. - Fetches
sharp-clifor image processing during icon generation.
Audit Metadata