marcdumais-work closed 1 year ago
Thanks for the review @alvsan09. I have done most of the suggested changes. We can sync up and discuss further if you want.
Thanks @alvsan09 - I have pushed a new commit to address the newer feedback. (I will squash before merging)
I have also found an issue with some of the commands that would be too eager at finding (yarn/npm) lock files under node_modules and then running license and vulnerability checks for these, finding extra dependencies that should be ignored (e.g. deep dev-dependencies).
In consequence, we now ignore lock files that have `node_modules` in their relative path.
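A sketch of the lock-file filtering described in the comment above, as an added example that is not the PR's own code. The names `findLockFiles` and `buildSampleTree` and the sample paths are constructed for illustration.

```javascript
// Added example: function names and the sample tree are constructed.
const fs = require('fs');
const os = require('os');
const path = require('path');

const LOCK_FILES = new Set(['yarn.lock', 'package-lock.json']);

// Collect lock files under root as sorted, '/'-separated relative paths.
// With skipNodeModules (the default) nothing below a node_modules directory
// is reported, so no result has node_modules in its relative path.
function findLockFiles(root, { skipNodeModules = true } = {}) {
  const found = [];
  const walk = (dir) => {
    // A Dirent reports a symlink as a symlink, so symlinked dirs are not followed.
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      if (entry.isDirectory()) {
        if (skipNodeModules && entry.name === 'node_modules') continue;
        walk(full);
      } else if (entry.isFile() && LOCK_FILES.has(entry.name)) {
        found.push(path.relative(root, full).split(path.sep).join('/'));
      }
    }
  };
  walk(root);
  return found.sort();
}

// Constructed sample tree: two lock files the checks should see, two that
// belong to installed dependencies.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'lockscan-'));
  for (const rel of [
    'yarn.lock',
    'extensions/git/yarn.lock',
    'extensions/git/node_modules/some-dep/package-lock.json',
    'node_modules/deep/node_modules/dev-dep/yarn.lock',
  ]) {
    const full = path.join(root, rel);
    fs.mkdirSync(path.dirname(full), { recursive: true });
    fs.writeFileSync(full, '');
  }
  return root;
}

const demoRoot = buildSampleTree();
console.log('eager:   ', findLockFiles(demoRoot, { skipNodeModules: false }));
console.log('filtered:', findLockFiles(demoRoot));
fs.rmSync(demoRoot, { recursive: true, force: true });
```

Running the license and vulnerability checks only on the filtered list keeps the report scoped to the lock files the repository itself maintains.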
Add README-3PP-LICENSE-CHECK-AND-AUDIT.md to document how to perform license and vulnerability checks for vscode builtin extensions (internal and external).
Add script that clones and checks-out vscode external builtin repos: `src/get-external-builtins.js`
When run, each external builtin repo is cloned and then checked-out, as per its definition in vscode's `product.json` file (section BuiltInExtensions).
For convenience, also added a yarn script to run this: `$> yarn get-external-builtins`