Skip to content

Broaden NPM detection for VS Code extensions#1801

Merged
grvillic merged 1 commit intomicrosoft:mainfrom
pjcollins:enableNpmVSCodeExtensionDetection
May 1, 2026
Merged

Broaden NPM detection for VS Code extensions#1801
grvillic merged 1 commit intomicrosoft:mainfrom
pjcollins:enableNpmVSCodeExtensionDetection

Conversation

@pjcollins
Copy link
Copy Markdown
Member

@pjcollins pjcollins commented Apr 27, 2026

Context: #1348
Context: microsoft/vscode#295040

Commit a209393 added logic to ignore NPM dependencies declared in a
package.json file if it belonged to a VS Code extension. This was done
to ignore warnings for out of date package versions that are built
directly into VS Code, however it also limits detection capabilities for
all VS Code extension files.

A change was made to bump the built in package versions in VS Code in
commit microsoft/vscode@e987c52
which should allow us to revert this change and restore broader NPM
detection for VS Code extensions.

@pjcollins
Broaden NPM detection for VS Code extensions
13701ea 
Context: microsoft#1348
Context: microsoft/vscode#295040

Commit a209393 added logic to ignore NPM dependencies declared in a
package.json file if it belonged to a VS Code extension. This was done
to ignore warnings for out of date package versions that are built
directly into VS Code, however it also limits detection capabilities for
all VS Code extension files.

A change was made to bump the built in package versions in VS Code in
commit microsoft/vscode@e987c52
which should allow us to revert this change and restore broader NPM
detection for VS Code extensions.
@pjcollins pjcollins requested a review from a team as a code owner April 27, 2026 22:18
@pjcollins
Copy link
Copy Markdown
Member Author

pjcollins commented Apr 27, 2026

FYI @rzhao271 and @dtivel

Copilot AI reviewed Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR restores full npm package.json detection for VS Code extensions by removing the special-case logic that previously skipped packages declaring a vscode engine, aligning behavior with the updated VS Code built-in package versions.

Changes:

  • Remove VS Code extension skip logic from NpmComponentDetector (no longer ignores engines.vscode).
  • Bump NpmComponentDetector version to reflect the behavior change.
  • Update unit tests to assert that VS Code engine packages are detected (including the malformed engines-as-array case).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
src/Microsoft.ComponentDetection.Detectors/npm/NpmComponentDetector.cs Removes VS Code engine-based skip behavior and increments detector version.
test/Microsoft.ComponentDetection.Detectors.Tests/NpmDetectorTests.cs Updates tests to expect detection for packages with engines.vscode (object and array cases).

@pjcollins
Copy link
Copy Markdown
Member Author

pjcollins commented Apr 30, 2026

@RushabhBhansali Let me know if there is anything missing here or if there is anything I can do to help move this along, thanks.

@grvillic grvillic merged commit 4c08ecd into microsoft:main May 1, 2026
15 of 16 checks passed
@codecov
Copy link
Copy Markdown

codecov Bot commented May 1, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.0%. Comparing base (c49cd23) to head (13701ea).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files 
@@     Coverage Diff      @@
##   main   #1801   +/-   ##
============================
============================

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 1, 2026

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@grvillic grvillic grvillic approved these changes

@RushabhBhansali RushabhBhansali Awaiting requested review from RushabhBhansali RushabhBhansali is a code owner automatically assigned from microsoft/ose-component-detection-maintainers

+1 more reviewer

@dtivel dtivel dtivel approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pjcollins @dtivel @grvillic