eclipse-theia / vscode-builtin-extensions

Built-in VS Code extensions for Theia

[security, licenses] Document, partially automate, 3PP license and vulnerability checks #104

Closed marcdumais-work closed 1 year ago

marcdumais-work commented 1 year ago

Add README-3PP-LICENSE-CHECK-AND-AUDIT.md to document how to perform license and vulnerability checks for vscode builtin extensions (internal and external).

Add a script that clones and checks out vscode external builtin repos.

src/get-external-builtins.js

When run, each external builtin repo is cloned and then checked out, as per its definition in vscode's product.json file (section BuiltInExtensions).

For convenience, I also added a yarn script to run this: $> yarn get-external-builtins

marcdumais-work commented 1 year ago

Thanks for the review @alvsan09 . I have done most of the suggested changes. We can sync-up and discuss further if you want.

marcdumais-work commented 1 year ago

Thanks @alvsan09 - I have pushed a new commit to address the newer feedback. (I will squash before merging)

I have also found an issue with some of the commands that would be too eager in finding (yarn/npm) lock files under node_modules and then running license and vulnerability checks for these, finding extra dependencies that should be ignored (e.g. deep dev-dependencies).

As a consequence, we now ignore lock files that have node_modules in their relative path.