search

microsoft / vscode-vsce

VS Code Extension Manager
https://code.visualstudio.com/
Other
820 stars 208 forks source link

Validation of engine produces invalid results #1063

Open rH4rtinger opened 1 month ago

rH4rtinger commented 1 month ago

You are validating the engine and @types/node compatibility in the method https://github.com/microsoft/vscode-vsce/blob/c37ddd02af9d7e4471cfa4eb026a54edb7e4f481/src/validation.ts#L64

Basic setup

I have set the engine version to ^1.84.0 and the @types/version is ^1.84.0. According to semvar, this means every 1.x.

In my package-lock.json the @types/version is already 1.94.0 (current vscode version)

This validates as correct and I can built via vsce pack.

Odd behaviour

Now I set the @types/version to in my package.json to ^1.94.0. Semantically speaking, nothing has changed, because 1.94.0 was already included.

But now I get the error

ERROR @types/vscode ^1.94.0 greater than engines.vscode ^1.84.0. Either upgrade engines.vscode or use an older @types/vscode version.

This makes not much sense to me, as the user can literally bypass the validation on major and minor level when using the ^ at a version and fail the validation, if the version is still the same as the one that you can bypass it.

benibenj commented 1 month ago

The error you're seeing from vsce is a safety feature to prevent compatibility issues between your extension and the VS Code API. Here's why the behavior makes sense:

Compatibility Check: The engines.vscode version in your package (^1.84.0) indicates your extension is compatible with VS Code API versions starting from 1.84.0. Your @types/vscode declaration specifies the TypeScript types for the API, and when you set it to ^1.94.0, you're explicitly requiring a minimum VS Code API version of 1.94.0 for your extension.

Safety Mechanism: This version declaration mismatch can lead to your extension attempting to use API features in 1.94.0 that are not available in earlier versions (like 1.84.0), potentially causing runtime errors. vsce prevents this by enforcing that the @types/vscode version does not exceed the engines.vscode version.

Potential Issues: Users with VS Code versions between 1.84.0 and 1.93.x can still download and install your extension due to the engines.vscode range. However, since your extension uses types from 1.94.0, it might attempt to use API features that aren’t available in their versions, leading to errors or unexpected behavior.

rH4rtinger commented 1 month ago

I understand your points, but I still see this as a bug. I can download via npm with @types/version to ^1.84.0 any upper version, because the normal semvar rules allow me it.

That means: in my package.json: "@types/vscode": "^1.84.0",

in my package-lock.json: 

    "node_modules/@types/vscode": {
      "version": "1.93.0",
      "resolved": "https://registry.npmjs.org/@types/vscode/-/vscode-1.93.0.tgz",
      "integrity": "sha512-kUK6jAHSR5zY8ps42xuW89NLcBpw1kOabah7yv38J8MyiYuOHxLQBi0e7zeXbQgVefDy/mZZetqEFC+Fl5eIEQ==",
      "dev": true,
      "license": "MIT"
    },

and in my node_modules is also version 1.93.0 downloaded.

That means, I can use higher API features, because my local dependencies are higher than what you expect.

That means, a user with VS Code version 1.84.0 can download my extension and then might have issues with any higher API features I accidentally implemented