Skip to content

Add VS Code extensions #673

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
booniepepper wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Add VS Code extensions #673

booniepepper wants to merge 6 commits into from

Conversation

@booniepepper
Copy link
Contributor

@booniepepper booniepepper commented Sep 17, 2025
edited by pombredanne
Loading

Closes:

Clashes a little with a different approach at #671 since this will consider the VS Code extension marketplace as the default repository

I think we're aligned on this now

The type vsx refers to "VS code eXtension" and seems to be used in multiple places. Open to alternatives like vscode. As a note, the file extension for these IDE extension packages is .vsix.

After discussion, the PR now proposes the type vscode. The previous suggestion of vsx is ambiguous as it could refer to either VS Code extensions (JS) or to Visual Studio extensions (C#) which are incompatible. (Refer to this comment thread)

Happy to hear & take feedback, thanks!

@booniepepper booniepepper mentioned this pull request Sep 17, 2025
Open
@booniepepper booniepepper force-pushed the add-vscode-extensions branch 2 times, most recently from 7958fe9 to 65fe416 Compare September 17, 2025 14:47
@jkowalleck jkowalleck mentioned this pull request Sep 18, 2025
Closed
@booniepepper
Copy link
Contributor Author

booniepepper commented Sep 19, 2025

@jkowalleck Any thoughts on this?

@mixmix
Copy link

mixmix commented Sep 24, 2025

As I raised here : #671 (comment) , I'm really interested in how we keep consumers of PURLs safe from things like typosquat attacks. Some context is I work in security and have had a client ask me to review an extension giving just it's name ... and it was really hard to answer their question because I did not know which code I was meant to be auditing! (because there are two registries and they can have different code).

To that end I'm against vsx because I'm scared of it being a foot-gun. I think vscode would be a lot safer.

I think we should explore the question of how we handle referencing extensions in these two registries before merging these PRs though. Propose we continue discussion in that other PR (it's got a bit of discussion already)

@booniepepper
Copy link
Contributor Author

booniepepper commented Sep 25, 2025

I have examples in the PR. I think it's easy to distinguish the source by repository_url and this follows the convention used in many other PURL specs.

P.S. I incorporated your changes and credited you in one of the commits included in this PR

P.P.S. I've also been working on software supply chain security for much of the past 5 years

@mixmix
Copy link

mixmix commented Sep 26, 2025

Update: after some great input from community, have opted to close #671 in favour of this proposal ❤️

@booniepepper booniepepper mentioned this pull request Sep 26, 2025
Closed
mixmix
mixmix reviewed Sep 29, 2025
View reviewed changes
rhalar
rhalar reviewed Oct 3, 2025
View reviewed changes
rhalar
rhalar reviewed Oct 3, 2025
View reviewed changes
@amvanbaren
Copy link

amvanbaren commented Oct 6, 2025

Hi! I don't know why, but I got notified about this issue. Any way I can help?

@booniepepper booniepepper force-pushed the add-vscode-extensions branch from ac6819f to 07a7a75 Compare October 7, 2025 03:32
@booniepepper
Copy link
Contributor Author

booniepepper commented Oct 7, 2025
edited
Loading

@amvanbaren The PR was waiting on me to update (which I have now) -- I'm not sure either, but the more eyes the merrier

mixmix
mixmix reviewed Oct 7, 2025
View reviewed changes
mixmix
mixmix approved these changes Oct 7, 2025
View reviewed changes
Copy link

@mixmix mixmix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once again, really appreciate the depth of everyones attention to detail, listening, and thoughtful dialogue. I think we've come to something which is better than any one of alone would have suggesting 🌈 🚀

rhalar
rhalar reviewed Oct 8, 2025
View reviewed changes
@booniepepper booniepepper force-pushed the add-vscode-extensions branch from 07a7a75 to 59afa0a Compare October 9, 2025 17:23
@booniepepper booniepepper requested review from mixmix and rhalar October 9, 2025 17:26
rhalar
rhalar reviewed Oct 13, 2025
View reviewed changes
@booniepepper booniepepper force-pushed the add-vscode-extensions branch from 59afa0a to 0b9bf69 Compare October 14, 2025 05:11
@booniepepper booniepepper requested a review from rhalar October 14, 2025 05:11
rhalar
rhalar reviewed Oct 15, 2025
View reviewed changes
@booniepepper booniepepper force-pushed the add-vscode-extensions branch from 0b9bf69 to 8bb58fd Compare October 15, 2025 20:00
@booniepepper booniepepper requested a review from rhalar October 15, 2025 20:01
@rhalar rhalar mentioned this pull request Oct 16, 2025
Merged
@alenmRL alenmRL mentioned this pull request Oct 21, 2025
Open
@booniepepper
Copy link
Contributor Author

booniepepper commented Oct 24, 2025

@pombredanne Looks like we've got all the comments addressed. Are you ready to take a look again?

mixmix
mixmix reviewed Oct 28, 2025
View reviewed changes
mixmix
mixmix reviewed Oct 29, 2025
View reviewed changes
@rhalar rhalar mentioned this pull request Nov 19, 2025
Merged
pombredanne
pombredanne approved these changes Dec 8, 2025
View reviewed changes
Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@pombredanne pombredanne mentioned this pull request Dec 8, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pombredanne pombredanne pombredanne approved these changes

+5 more reviewers

@trevnorris trevnorris trevnorris left review comments

@mixmix mixmix mixmix approved these changes

@pohlarized pohlarized pohlarized left review comments

@matt-phylum matt-phylum matt-phylum left review comments

@rhalar rhalar rhalar approved these changes

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

Proposed new type type: vsx Proposed new type

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@booniepepper @mixmix @amvanbaren @trevnorris @pombredanne @pohlarized @matt-phylum @rhalar @jkowalleck