| Version | Supported |
|---|---|
| 0.2.x | ✅ |
| 0.1.x | ✅ |

If you discover a security vulnerability:
- Do NOT create a public GitHub issue
- Use GitHub's "Report a vulnerability" feature in the Security tab

When using this library in your VS Code extension:

Always use `createSecretStorage` for sensitive data:

```typescript
// Good - uses VS Code's secure storage
const apiKeyStorage = createSecretStorage(context, 'myExtension.apiKey');
await apiKeyStorage.set(apiKey);

// Bad - stores in plain text
await context.globalState.update('apiKey', apiKey);
```

Validate user input before processing:

```typescript
const input = await inputText({
  prompt: 'Enter value',
  validate: (value) => {
    if (!value || value.trim().length === 0) {
      return 'Value cannot be empty';
    }
    return undefined;
  },
});
```

Use `safeExecute` to prevent information leakage in error messages:

```typescript
await safeExecute(logger, 'Operation', async () => {
  // Your code here
}, {
  userMessage: 'Operation failed. Please try again.',
});
```

- No Network Access: This library does not make any network requests
- No File System Access: File operations are delegated to VS Code APIs
- Secure Storage: Secret storage uses VS Code's encrypted storage API
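
An extension that already shipped the "Bad" pattern above still has the key sitting in `globalState` after switching to secret storage, so the plain-text copy has to be moved and erased. The following is an added example, not part of this library: it calls VS Code's own `context.secrets` and `context.globalState` APIs directly, and `migrateLegacySecret`, `MigrationResult` and the `*Like` interfaces are hypothetical names (the key names come from the snippets above).

```typescript
// Minimal structural subset of vscode.ExtensionContext, declared locally so the
// example runs outside the extension host; a real `context` satisfies it.
interface SecretsLike {
  get(key: string): PromiseLike<string | undefined>;
  store(key: string, value: string): PromiseLike<void>;
}
interface MementoLike {
  get<T>(key: string): T | undefined;
  update(key: string, value: unknown): PromiseLike<void>;
}
interface ContextLike {
  secrets: SecretsLike;
  globalState: MementoLike;
}

type MigrationResult = 'migrated' | 'discarded' | 'nothing-to-do';

// Moves a secret that an older release wrote to globalState (plain text on disk)
// into SecretStorage, then erases the plain-text copy.
async function migrateLegacySecret(
  context: ContextLike,
  legacyKey: string, // e.g. 'apiKey' from the "Bad" snippet
  secretKey: string, // e.g. 'myExtension.apiKey' from the "Good" snippet
): Promise<MigrationResult> {
  const legacy = context.globalState.get<unknown>(legacyKey);
  if (legacy === undefined) {
    return 'nothing-to-do';
  }
  const existing = await context.secrets.get(secretKey);
  let result: MigrationResult = 'discarded';
  // Never overwrite a value already in SecretStorage: it is the newer one.
  if (existing === undefined && typeof legacy === 'string' && legacy.length > 0) {
    await context.secrets.store(secretKey, legacy);
    // Confirm the write before destroying the only other copy.
    if ((await context.secrets.get(secretKey)) !== legacy) {
      // The error text deliberately contains no part of the secret.
      throw new Error('Secret migration could not be verified');
    }
    result = 'migrated';
  }
  // Passing undefined removes the key from globalState.
  await context.globalState.update(legacyKey, undefined);
  return result;
}
```

Call it once from `activate(context)` before the extension first reads the key.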