/** * VS Code Extension Scanner * * Scans .vsix files (VS Code extensions) for supply-chain malware indicators. * Accepts a local .vsix file path or an extension ID resolved against the * VS Code Marketplace (default) or the Open VSX registry. * .vsix files are ZIP archives containing the extension code. */ import type { ScanReport, Severity } from "./types.js"; /** Supported extension registries for extension-ID targets. */ export type VscodeRegistry = "marketplace" | "openvsx"; export interface VscodeScanOptions { /** .vsix file path or extension ID (publisher.name) */ target: string; /** Output format */ format: "text" | "json" | "markdown" | "sarif" | "sbom"; /** Minimum severity to report */ minSeverity?: Severity; /** Registry to resolve extension IDs against (default: marketplace) */ registry?: VscodeRegistry; } /** * Scan a VS Code extension (.vsix file or marketplace ID). */ export declare function scanVscodeExtension(options: VscodeScanOptions): Promise; /** * Resolve the .vsix download URL for an extension ID on a given registry. * * - marketplace: deterministic gallery.vsassets.io URL pattern (no metadata request) * - openvsx: fetches https://open-vsx.org/api/{namespace}/{name} and reads files.download * * The .vsix analysis itself is registry-agnostic; only this URL construction branches. */ export declare function resolveVsixDownloadUrl(extensionId: string, registry?: VscodeRegistry): Promise; //# sourceMappingURL=vscode-scanner.d.ts.map