Broaden NPM detection for VS Code extensions#1801
Open
pjcollins wants to merge 1 commit intomicrosoft:mainfrom
Open
Broaden NPM detection for VS Code extensions#1801pjcollins wants to merge 1 commit intomicrosoft:mainfrom
pjcollins wants to merge 1 commit intomicrosoft:mainfrom
Conversation
Context: microsoft#1348 Context: microsoft/vscode#295040 Commit a209393 added logic to ignore NPM dependencies declared in a package.json file if it belonged to a VS Code extension. This was done to ignore warnings for out of date package versions that are built directly into VS Code, however it also limits detection capabilities for all VS Code extension files. A change was made to bump the built in package versions in VS Code in commit microsoft/vscode@e987c52 which should allow us to revert this change and restore broader NPM detection for VS Code extensions.
Member
Author
Contributor
There was a problem hiding this comment.
Pull request overview
This PR restores full npm package.json detection for VS Code extensions by removing the special-case logic that previously skipped packages declaring a vscode engine, aligning behavior with the updated VS Code built-in package versions.
Changes:
- Remove VS Code extension skip logic from
NpmComponentDetector(no longer ignoresengines.vscode). - Bump
NpmComponentDetectorversion to reflect the behavior change. - Update unit tests to assert that VS Code engine packages are detected (including the malformed
engines-as-array case).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
src/Microsoft.ComponentDetection.Detectors/npm/NpmComponentDetector.cs |
Removes VS Code engine-based skip behavior and increments detector version. |
test/Microsoft.ComponentDetection.Detectors.Tests/NpmDetectorTests.cs |
Updates tests to expect detection for packages with engines.vscode (object and array cases). |
dtivel
approved these changes
Apr 28, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Context: #1348
Context: microsoft/vscode#295040
Commit a209393 added logic to ignore NPM dependencies declared in a
package.json file if it belonged to a VS Code extension. This was done
to ignore warnings for out of date package versions that are built
directly into VS Code, however it also limits detection capabilities for
all VS Code extension files.
A change was made to bump the built in package versions in VS Code in
commit microsoft/vscode@e987c52
which should allow us to revert this change and restore broader NPM
detection for VS Code extensions.