microsoft / vsmarketplace Goto Github PK

Issue Type: Bug

VS code and Marketplace automatically prefixes the links in the Readme of the package as per the homepage URL set in the package.json file.

In my case, it is prefixing a non-link as well. At multiple places, I am displaying regex statements to the users but the homepage URL is prefixed inside a regex. I am already wrapping regex with backticks so they are not actually considered links.

My regex for this line is: ^\s*return view\(['"](.*?)['"].*\).*$

I have read the related documentation page already.

VS Code version: Code 1.44.2 (ff915844119ce9485abfe8aa9076ec76b5300ddd, 2020-04-16T17:50:03.709Z)
OS version: Linux x64 4.15.0-99-generic

(this was testing a vscode issue, please ignore)

From @stoneC0der

I was having issue when trying to upload my extension, the error was the JSON output below

{"$id":"1","customProperties":{"Descriptor":null,"IdentityDisplayName":null,"Token":null,"RequestedPermissions":0,"NamespaceId":"00000000-0000-0000-0000-000000000000"},"innerException":null,"message":"Access Denied: The Personal Access Token used has expired.","typeName":"Microsoft.VisualStudio.Services.Security.AccessCheckException, Microsoft.VisualStudio.Services.WebApi","typeKey":"AccessCheckException","errorCode":0,"eventId":3000}

After some googling I decided to look at vsce help from the terminal to found additional command I was not familiar with, one of these was to list all publisher, logout and delete

I mistakenly created several publishers but the issue was that the original theme was StoneC0der but I at some point created a PAT using the wrong spelling instead of StoneC0der I had Stonec0der & stoneCoder.
Since I couldn't not figure out the correct publisher ID (which I did later on but too).

I decided to logout all publishers and then was tempted to delete them since I was now getting error like this:

Error: Access Denied: <sometoken was here> needs the following permission(s) on the resource /StoneC0der to perform this action: View user permissions on a resource

Unfortunately (did not expected it but feel natural) my extension was gone from the market place.
I created a publisher with the same ID and had to republish the extension

My question is, is everything really lost?
I notice that after publishing the extension et searching for it from vscode show me the install button and all the metrics are gone.

Basically it seams that those who using it will not see this update, site like vscodethemes still show the theme with their own metric but point to the newly published theme.

I guess what I want to know if it possible to get the metrics back (really don't think it possible but just hope) and how to notify users about this unexpected change.

Thanks and sorry I sound confusing

Extensions website is not mobile responsive. Viewing is as-if on legacy "desktop site"

Hi.

Back in 2017 I created this extension published here:
https://marketplace.visualstudio.com/items?itemName=felipe.nasc-touchbar

But something went wrong when a new login system kicked in.
You can see the user, author of the extension is Felipe.

But when I sign in with my (more than 10 years old e-mail), it tells me I have no published extensions!

(https://aex.dev.azure.com/me?mkt=en-US)

It seems like these are two different accounts (one, felipe, the other, felipenmoura).
I do believe I had created and published it using my main e-mail account. But the administration panel was very different back then.

I even thought I could have signed in using my skype account...then I logged in with it and could "merge" both accounts...still, I can't administer the extension from the panel!

This extension has about 20k downloads and I have already accepted a few new PRs with improvements, but I simply can't publish the new releases!

How you think I could solve this?

Issue Type: Bug

I currently have a color theme I am working on but the overview doesn't link to the repo's README. The docs say it should automatically be picked up from the provided repo in package.json under the master branch. Am I missing something?

Extension page: blackbird
Repo: Matt-Gleich/blackbird

VS Code version: Code - Insiders 1.55.0-insider (6ebe2a14f3722bc2582ecd8108d0a71dfdd46036, 2021-03-25T16:23:16.288Z)
OS version: Darwin x64 20.3.0

the vs code extension marketplace only supports extensions being marked as FREE:

Some extensions however are actually FREE TRIAL, so it would be good to let an extension declare this so people get a clearer understanding of what they are installing.

The default should always be FREE, so this option (I assume in package.json) would be to let the publisher override this.

Please add a link to https://marketplace.visualstudio.com/ to make clear which marketplace this repo relates to.

This issue is transferred from: NuGet/NuGetGallery#8135

This issue has been moved from a ticket on Developer Community.

Hello

Is it possible to get historical data displayed for publishers - from the time the extension was published. Currently it is limited to past 180 days window, which is very limiting. Can you expand that to as much as possible.

I am primarily interested in two improvements

1. Extending the current report window (180 days). Idealy this window would be 1 year +... if not, since the very first day extension was introduced on the marketplace.

2. Ability to filter by geography - per country and continent... when this info is known. I am OK with having a pool of people who are also 'unknown' if geo info is not available.

Thanks

Original Comments

Jane Wu [MSFT] on 5/14/2019, 01:52 AM:

Thank you for taking the time to provide your suggestion. We will do some preliminary checks to make sure we can proceed further. We'll provide an update once the issue has been triaged by the product team.

Your suggestion has been queued up for prioritization. Feature suggestions are prioritized based on the value to our broader developer community and the product roadmap. We may not be able to pursue this one immediately, but we will continue to monitor it up to 90 days for community input

Stefan Stefanov on 7/2/2019, 10:50 AM:

I also believe this would be very beneficial, as the current date is not enough to make any conclusions.

Gabriel Torok on 12/2/2019, 06:10 AM:

Likewise, this would be helpful for us as well.

Katie DeSantis on 12/2/2019, 06:32 AM:

We too would benefit from this information

Dan Wright on 12/2/2019, 08:44 AM:

This would be really beneficial for us too.

Thanks.

andre rolle on 12/2/2019, 03:35 PM:

Yes we definitely need this information to help improve our capabilities in improving how we create and published our application in visual studios marketplace.

andre rolle on 12/2/2019, 03:49 PM:

The management of Microsoft would change there mind in extending the 90 days to at least 1 year if possible. We as developers and others who interact with creating and publishing an application or software to visual studios marketplace. Really need this information to improve everything we do to make our app 100% functional an smooth going.

From @rchiodo

Our extension has this list currently:

Some of these work with insiders and some of these work with VS code. Users frequently try installing the latest version and don't realize why it doesn't work with their version of VS code.

Some indication of the version a vsix works with would be nice (or some way for us to put it into the version information).

### THE PROBLEM
Not a rare situation when for an extension has lots of installs, 5 stars, BUT it is outdated and rated by a small percent of users. To find this out we have to do an additional manual research which can easily be eliminated and make extensions info more representative.

### PROPOSED SOLUTION
When browsing Extensions, add the following info:

1. Deinstallations count
   To understand the level of real usability
2. Rated by users (qty of users rated an Extension) - add text info
   The hover popup is not enough, need to have this info in the list and in the Extension details page
3. The date of the last update
   Please add this info next to the build state.

Describe the bug
A clear and concise description of what the bug is.
I could not create publisher using https://marketplace.visualstudio.com/manage/createpublisher because of our gov is blocking us from google.
To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. The page will continue loading until timeout.
3. When click button Create, nothing happened.

Additional context
I cannot get access to https://www.google.com/recaptcha/api.js, so I would not create publisher now. Is there any other way to create publisher?

These should not be shown anymore

Describe the bug
On https://marketplace.visualstudio.com/manage/publishers/tyriar clicking into the extensions and using the arrows to navigate shows the focus border shifting the content around. It also shows briefly when right clicking.

The likely fix here is to use outline not border as it wraps the element like border, just without affecting the flow of the page.

To Reproduce
Steps to reproduce the behavior:

1. Go to https://marketplace.visualstudio.com/vscode
2. Click on Publish Extensions
3. Click on an extension
4. Use the arrows

Desktop (please complete the following information):

• OS: [e.g. iOS] Windows 10
• Browser [e.g. chrome, safari]

Microsoft Edge
Version 90.0.803.0 (Official build) dev (64-bit)

I created a publisher named zbr and manually uploaded my extension to it but it seams impossible to setup the CLI vsce for publishing as one. Based on what I read on microsoft/vscode-vsce#507 i believe I am not the only one confused by the weird authentication setup.

My account [email protected] is listed as owner of zbr publisher and I tried generating a PAT from https://dev.azure.com/sorinsbarnea/_usersSettings/tokens but it does not work when I try to use it to login using vsce, I always get Failed request: (401).

The page from https://marketplace.visualstudio.com/_apis/connectiondata does report something like:

{
"authenticatedUser": {
"id": "51559800-adb9-4df8-b696-062e0700bccc",
"descriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;[email protected]",
"subjectDescriptor": "msa.MmYwYTg5NWEtYjVkMi03MzVmLTg3ZjMtODEzNjI2ZTEyMjNj",
"providerDisplayName": "Sorin Sbarnea",
"isActive": true,
"properties": {
"Account": {
"$type": "System.String",
"$value": "[email protected]"
}
},
"resourceVersion": 2,
"metaTypeId": 255
},
"authorizedUser": {
"id": "51559800-adb9-4df8-b696-062e0700bccc",
"descriptor": "Microsoft.IdentityModel.Claims.ClaimsIdentity;[email protected]",
"subjectDescriptor": "msa.[CENSORED]",
"providerDisplayName": "Sorin Sbarnea",
"isActive": true,
"properties": {
"Account": {
"$type": "System.String",
"$value": "[email protected]"
}
},
"resourceVersion": 2,
"metaTypeId": 255
},
"instanceId": "2663b13f-50e3-a655-a159-22f6f4725fab",
"deploymentId": "2663b13f-50e3-a655-a159-22f6f4725fab",
"deploymentType": "hosted",
"locationServiceData": {
"serviceOwner": "00000029-0000-8888-8000-000000000000",
"defaultAccessMappingMoniker": "PublicAccessMapping",
"lastChangeId": 71900,
"lastChangeId64": 71900
}
}

Update

After generating full access to all organizations on my PAT, the error message changed from 401 into:

 ERROR  Access Denied: Microsoft.IdentityModel.Claims.ClaimsIdentity;3c44d198-864f-4224-bf6d-da60d60fe01d\[email protected] needs the following permission(s) on the resource /zbr to perform this action: View user permissions on a resource
Time: 0h:00m:03s

I am not sure what this means, but somehow I feel that the dev.azure.com user is different than the one used by the marketplace. At the same time the system fails to give any hints regarding the the kind of magic required to authenticate on dev.azure.com using exactly the same user.

If I try to access the directory switch option, I can see:

Switch to another directory

You are currently connected to the pycontribs Azure Active directory. Select a directory.
Current directory
pycontribs
pycontribs.onmicrosoft.com
3c44d198-864f-4224-bf6d-da60d60fe01d
Directories
Microsoft
19d5f71f-6c9a-4e7f-b629-2b0c38f2b167
Default Directory
9e952b40-c064-4d13-be06-e9490f7ff438
Microsoft Account
[email protected]

Still, this does not tell me which kind of directory I am support to use

Issue Type: Bug

I'm trying to find some ASP.NET Core Snippets pack, input "aspnet", only one extension appears, and after I input "aspnet core", many extensions pop up, including those snippets pack extensions.

VS Code version: Code 1.22.2 (3aeede733d9a3098f7b4bdc1f66b63b0f48c1ef9, 2018-04-12T16:38:45.278Z)
OS version: Windows_NT x64 10.0.16299

https://marketplace.visualstudio.com/items?itemName=usernamehw.errorlens

Having a link with description in README.md:

* [OnClick event on Gutter microsoft/vscode#5455](https://github.com/microsoft/vscode/issues/5455)

It transforms it into 2 links, one of which is broken:

https://github.com/usernamehw/vscode-error-lens/issues/5455

On latest Android Edge.

Repro:

1. Open reviews for an extension (eg. https://marketplace.visualstudio.com/items?itemName=ms-python.python&ssr=false#review-details )
2. Click Read More on one of the comments

Issue Type: Bug

remote-WSL拓展包删除后，窗口左下角让就显示链接远程窗口的图标并且提示用github登录。

VS Code version: Code - Insiders 1.55.0-insider (d06d2f1d6245ce00b1c36a9cd81a9087d225173e, 2021-03-26T14:01:14.867Z)
OS version: Windows_NT x64 10.0.19042

It would be useful if extension authors can unpublish only a single version from Marketplace.

Use case: an author noticed the latest version of their extension includes a serious bug, but cannot find its cause soon. Currently, end users download the broken version until the author fix the bug and publish a new version. If the feature described above is implemented, the author can unpublish the latest one soon and set about bug fix without hurrying.

Sourcehut has a build service [doc] that provides badges that can be displayed to show CI status in repositories.

All badges I know of are of the form https://builds.sr.ht/~<user>/<repository>.svg, e.g. (links to svg instead of the normal build pipeline):

Example page for viewing builds: ~sircmpwn/builds.sr.ht.

Would it be possible to add Sourcehut as a trusted SVG provider?

My extension Patch is still being verified. It has been in this state for around 14 hours!
Also, the number of downloads Spicked from 18k to 108k, which indicates the validation bot is in an infinite loop.

https://marketplace.visualstudio.com/items?itemName=allanoricil.salesforce-soql-editor

@DonJayamanne commented on Thu Feb 18 2021

Steps to Reproduce:

1.Attempt to upload the vsix to the marketplace portal
2.We get an error indicating its failing, here's the issue:

@sandy081 /cc

Does this issue occur when all extensions are disabled?: N/A

@sandy081 commented on Thu Feb 18 2021

cc @prashantvc

@prashantvc commented on Thu Feb 18 2021

@DonJayamanne could you email to [email protected]?
Is this is the extensions? https://marketplace.visualstudio.com/items?itemName=ms-toolsai.jupyter

@DonJayamanne commented on Thu Feb 18 2021

We managed to solve this issue. A .so file was incldued into the extension accidentally (due to python package) & we believe thats what caused the package to get rejected. Would be good to get a more meaningful message.

Thanks, closing as we have resolved this.

@DonJayamanne commented on Mon Feb 22 2021

Re-opening as we're running into this yet again, & it would be good to know what's wrong with the package.
I've excluded *.so files, and still failing.
I have attached the file here.
ms-toolsai-jupyter-insiders.4.vsix.zip

Is this is the extensions? marketplace.visualstudio.com/items?itemName=ms-toolsai.jupyter
Yes

Will send the email as well.

@prashantvc commented on Sat Feb 20 2021

@rheajain can you take a look at this please?

@DonJayamanne commented on Mon Feb 22 2021

@prashantvc @rheajain Is there anyone we can email to try to expedite this? Thanks

@DonJayamanne commented on Mon Feb 22 2021

@rchiodo @IanMatthewHuff @greazer /cc

@DonJayamanne commented on Tue Feb 23 2021

@fiveisprime /cc

There should be a link to this repo on the marketplace footer so it's easy to discover.

Feature request: implement 2FA like npm does

VS Code extensions are a serious attack vector to consider. Because they can access Node API and there is no sandbox, they can read the contents of private keys, publish tokens, ~/.vsce, ~/.npmrc, ~/.ssh/* and the like, then send it over network. Attackers will target extension owners so they can publish malicious code, like it has happened so many times with npm packages.

I'd like vsce to ask for an OTP when I do vsce publish:

To protect your packages, as a package publisher, you can require everyone who has write access to a package to provide a one-time password in addition to their login token when they publish the package to the registry

Also, a compromised extension might have severe economical consequences for commercial extensions.

Thank you

Having option to search for an extension in Marketplace is nice, but it would be nicer if I could make some more sophisticated search, e.g. excluding something words from results.

For example, I'm looking for redux related extension

Most of these extensions are snippets, so I would like to filter them out (I don't need snippets), I tried something like this:

redux -snippets (extensions containing redux, but not snippets)

but this apparently does not work.

Is there a possibility to add such feature to VSCode in future versions?

I think using lowercase file extension is more conventional.

From @dacookie

I think the title is quite clear: it could be great to add an "official" label (or any other name, you get the point) for extensions in VSCode, meant to highlight official frameworks, languages or even packages extensions.

As an example, if you search extensions for C#, the first extension you should see in the list is the C# extension by Microsoft, which add some core features for the language like syntax highlighting. But there's a lot of other extensions named C# something, which are great, but "only" meant to add additional features, and created by users, not the language authors. I fiind it confusing, especially for new users.
And this is also real for many frameworks, languages, engines or packages: Unity, Node.js, Java, C++, Angular, React, ...

I don't know right now how it can be achieved (should authors be able to claim for the label or only VSCode team can set it, what exactly is considered official, ...), I'm just dropping the idea here for now :)

Issue Type: Bug

The vscode-icons extension is listed as being authored by the "VSCode Icons Team". I am not sure if this means that it's a first-party extension, from the authors of VSCode, or an unrelated group that decided to take the same name.

Just like Apple does not permit apps in the App Store to masquerade as being from Apple when they're not, it should be clearer in the app store if extensions are authored by the VSCode core team.

VS Code version: Code 1.41.0 (9579eda04fdb3a9bba2750f15193e5fafe16b959, 2019-12-11T17:58:38.338Z)
OS version: Darwin x64 18.7.0

On https://marketplace.visualstudio.com/manage/publishers/tyriar, see how the icons aren't center aligned like the text

This CSS rule fixes the problem:

.vss-DetailsList.ms-DetailsList .ms-List-cell .ms-DetailsRow .vss-DetailsList--titleCellIcon {
    align-items: center;
}

Problem

Today it is difficult to:

• Verify publisher identity
• Identify extensions from "official" entities
• Differentiate the original author of an extension among several forks

Goals

• Verify publisher identity – I am who I say I am
• Anyone can get verified
• Easily understandable to users of all experience levels
• Verified credentials viewable in 1 click or less

High Level Proposal

I propose to verify publisher identity using social proofs (proof of ownership of related repository, domains, and social media) through OAuth and other means.

Very similar to the suggestion outlined in https://haacked.com/archive/2019/05/10/friend-signing-packages/.

Prior art

• Pub.dev verified publishers
  
• GitHub verified organizations
  
• NuGet reserved prefix namespaces
  

Related issues

• Add an "official" or "highlight" label for extensions #37

From @PeterWone in microsoft/vscode#119713

The publishing page https://code.visualstudio.com/api/working-with-extensions/publishing-extension says that I can't ship SVG resource and they must be loaded from trusted sources "for security reasons".

I looked into why, and discovered SVG supported embedded or linked scripts with a script tag similar to the HTML script tag.

• No browser I could find would allow this script to run when the image is loaded from the internet
• When the image is loaded from the local filesystem by a browser, the scripts are loaded and can run but the same-source policy prevents them from doing much.

If SVG is a threat for VS Code then presumably VS Code fails to enforce the same source policy. If so, that's not well thought through. There is absolutely nothing stopping an extension from pulling files from the general internet and putting them into the file system after the extension is installed. For that matter you can't stop me from embedding SVG files as strings and saving them to the filesystem on first run.

If the risk is in the WebView pages then why not sanitise the SVG by the simple expedient of stripping all script tags and their content? Their mere presence reveals malice afoot so an alert to the user would not be out of place. Or even just look for <script> and barf on finding it. MalwareException: 'nasty.svg' contains script.

Disallowing SVG in extension bundles is not an effective threat mitigation. Sanitising could be effective if it were applied universally.

See #5
Would be helpful if marketplace returns a meaningful message when the package is malformed.
Last week and Monday I was unable to publish the extension (see #5).
There were two reasons:

• Version number contained the suffix -dev, apparently this isn't allowed

  • Late monday, I received a more meaningful message that -dev wasn't allowed.
  • Either a change was pushed to the marketplace that provided a more meaningful message or the validation returned due to the duplicate file name

• VSIX contained two files that were the same but differing by casing

  • Would be great if marketplace returned a message indicating this.

Describe the bug

I don't understand the different numbers presented in the reports.

On extension page:

In vscode:

On reports:

Note that the extension was published for the first time within the past 90 days. I can understand that there could be some discrepancy due to caching time or something but I do not understand what the difference between "Till Date" and "Last 90 Days" is, and why "Last 90 Days" is so much larger than every other number.

To Reproduce
Steps to reproduce the behavior:

1. Go to https://marketplace.visualstudio.com/vscode
2. Click Publish Extensions
3. Click an extension

Describe the bug

When I publish a new version of Luna Paint I see this for several minutes:

While it's possible this could be a client issue, it seems much more likely that the marketplace is exposing the package in an invalid state while publish happens in the background. The old version should be exposed until the new one is actually ready to go.

cc @sandy081

To Reproduce
Steps to reproduce the behavior:

1. Publish an extension
2. Try install it in stable or insiders

Expected behavior
No error should occur for users due to publishing.

Desktop (please complete the following information):

Version: 1.54.0-insider (user setup)
Commit: e7989863202eac0ec4e66ca82733d968bca7527a
Date: 2021-03-01T21:11:33.783Z
Electron: 11.3.0
Chrome: 87.0.4280.141
Node.js: 12.18.3
V8: 8.7.220.31-electron.0
OS: Windows_NT x64 10.0.19042

Version: 1.53.2 (user setup)
Commit: 622cb03f7e070a9670c94bae1a45d78d7181fbd4
Date: 2021-02-11T11:48:04.245Z
Electron: 11.2.1
Chrome: 87.0.4280.141
Node.js: 12.18.3
V8: 8.7.220.31-electron.0
OS: Windows_NT x64 10.0.19042

This is a feature request for basic extension usage telemetry.

Many platforms show app/extension developers basic statistics such as installs per day, uninstalls per day, daily active users, etc.

If it is done in the core product and made available to developers through the marketplace management dashboard, the data will benefit ALL extension developers while ensuring proper information and protections for users. If extension developers have to do this themselves, they may not all reach an appropriate level of security, anonymization, consent, or user notification.

At my current client I'm forced to develop on a Citrix VM that's blocked from Internet access.

So I need to download Visual Studio Code and all extensions on my local machine, copy them to the VM and install them from there.

Currently, the latest German Language Pack extension (v1.34.0) doesn't match the latest VS Code version (1.33.1), so I cannot install:

So, please add an option to Marketplace to allow for downloads of older extension versions.

This is what the current footer looks like:

Some issues I see:

• Copyright 2019?
• The Microsoft logo coming from a spritemap has 1px on the right from the following image
• It says Microsoft Microsoft, the logo adds little without the MS 4 square s

1. Open https://marketplace.visualstudio.com/items?itemName=johnpapa.winteriscoming
2. Click on a tag with whitespace: Light Theme
3. It shows query tag:Light Theme https://marketplace.visualstudio.com/search?term=tag:Light%20Theme&target=VSCode&category=All%20categories&sortBy=Relevance

Which is basically all themes. I think the query should be tag:"Light Theme" https://marketplace.visualstudio.com/search?term=tag:%22Light%20Theme%22&target=VSCode&category=All%20categories&sortBy=Relevance

See Luna Theme 🤮

If the gif is animated the vsce endpoint should either reject it, or publish it with only the first frame of the gif.

Hello,

I'm not sure if I'm asking here right, but I hope someone can help or direct me in a better direction.

I'm an extension author. I want to publish an update of my extension. However, it is been a long time since I last published the extension and my PAT expired.

I know that the solution is to login to my organization at dev.azure.com/myorg and create a new PAT. However, I do not remember what organization I created. Moreover, I even do not know what account I used to create my PAT.

So I have only my publisher's name. Is it possible to find out organization and/or account that is associated with this PAT?

Any idea would help and please - do not laugh too much ;-)

Pavel

The review system on the Marketplace for extensions borders on useless for popular. The Prettier extension get a fairly high volume of reviews that generally fall into two categories 1) "this suck/is broken/don't like" and 2) "This is great/love it/thanks". These reviews add nothing to the community and do nothing to support the work of open source developers.

I believe there are a few things that could be done fairly easily to encourage higher quality reviews. One is to require the users to authenticate with Github and to always display their real name. Currently, reviewers are able to post anonymously which - as in everything on the internet - results in horrible behavior.

Simply requiring users to Authenticate with Github and display their name and link to their Github profile would encourage a more civil discussion. Github profiles are usually associated with developers' professional lives so they are treated more carefully. It won't be perfect, but I think this will help.

Many reviews on the Marketplace for extensions end up being feature requests, issues, or general requests for help. It would be great if the Marketplace encouraged users to post issues or use the correct forums by showing something like the following on the review screen.

The Issue URL would be the bugs.url property, while the Support URL would be a new support.url property.

  "bugs": {
    "url": "https://github.com/prettier/prettier-vscode/issues"
  },
  "support": {
    "url": "https://stackoverflow.com/questions/tagged/prettier"
  },

VSC Marketplace pages

Steps to Reproduce:

1. Go to a page for a VSC extension: Select By
2. "Overview" tab is selected and URL has no ssr property in the query string or anchor name
3. Select the "Rating & Review" tab
4. Select the "Overview" tab. Now URL has ssr=false property in the query string and the anchor name #overview
5. Inspect the id of one of the headings
6. The id has changed compared to Step 2 and there is a class link-header added.

The id now has a prefix of user-content- and that will break the internal links like [overview](#overview)

Changing the ssr property to ssr=true shows the original html page.

I have updated the extension with internal links and the link href shows #move-by, but when clicked the anchor name is #user-content-move-by. Now the page scroll behavior is different for the internal links compared to the page with ssr=true.

What is the use of ssr query property for the Overview tab?

The file README.md from the extension is used by the Marketplace website. If you use [foo] followed by (bar) inside literal text, single and triple back tick, it is recognized as a Markdown link.

This construct happens easily in regular expressions.

\s*[^!@#](.*)

The .* is expanded to the full directory of the README.md file.

The Markdown syntax highlighting in VSC has a similar problem, it marks the text between () as a clickable link.

The Markdown Preview shows the literal text correct.

Describe the bug

A scroll bar shows up when the horizontal width is less than 1580px, this is a very high number and makes viewing the marketplace for example on half a 1080p monitor unpleasant. The layout also breaks when it's much less than that:

Microsoft Windows [Version 10.0.19042.804]
Version 90.0.796.0 (Official build) dev (64-bit)

Reading the README could leave the impression that this isn't the right place to raise issues related to publishing VSIX files for use by VS Code.

From microsoft/vscode-vsce#526

Once the MP enables this, we can do the same in VSCE and our docs.

Describe the bug

There should be some maximum number of tags visible (10-20?), with a ... or "load more" button to show them all

To Reproduce

Check out https://marketplace.visualstudio.com/items?itemName=jabacchetta.vscode-essentials

Screenshots
If applicable, add screenshots to help explain your problem.

Issue Type: Bug

There is 2x the same extension, one with an older version by another person and the other one is more up to date and by the official owner of the project.
Can you remove the old extension out of the marketplace?

VS Code version: Code 1.54.0 (42e27fe5cdc58539dad9867970326a297eb8cacf, 2021-03-03T02:17:36.640Z)
OS version: Windows_NT x64 10.0.19042