Svelte for VS Code

`{file_path}` references cscript / wscript or the `//e:jscript` switch. WSH runs scripts outside the V8 sandbox with full Win32 and WMI access.

  	'Uint8ClampedArray',
  	'VBArray',
  	'VTTCue',
  	'VTTRegion',
  	'ValidityState',
  	'VarDate',
  	'VideoColorSpace',
  	'VideoPlaybackQuality',
  	'VisualViewport',
  	'WSH',
▶ 	'WScript',
  	'WaveShaperNode',
  	'WeakMap',
  	'WeakRef',
  	'WeakSet',
  	'WebAssembly',
  	'WebGL2RenderingContext',
  	'WebGLActiveInfo',
  	'WebGLBuffer',
  	'WebGLContextEvent',
  	'WebGLFramebuffer',

`{file_path}` references cscript / wscript or the `//e:jscript` switch. WSH runs scripts outside the V8 sandbox with full Win32 and WMI access.

  	'Uint8ClampedArray',
  	'VBArray',
  	'VTTCue',
  	'VTTRegion',
  	'ValidityState',
  	'VarDate',
  	'VideoColorSpace',
  	'VideoPlaybackQuality',
  	'VisualViewport',
  	'WSH',
▶ 	'WScript',
  	'WaveShaperNode',
  	'WeakMap',
  	'WeakRef',
  	'WeakSet',
  	'WebAssembly',
  	'WebGL2RenderingContext',
  	'WebGLActiveInfo',
  	'WebGLBuffer',
  	'WebGLContextEvent',
  	'WebGLFramebuffer',

`{file_path}` enumerates the entire process.env object rather than reading a specific variable. Common precursor to exfiltrating GITHUB_TOKEN, AWS_*, and similar credentials.

          if (params.processId === null) {
              params.processId = process.pid;
          }
      }
      createMessageTransports(encoding) {
          function getEnvironment(env, fork) {
              if (!env && !fork) {
                  return undefined;
              }
              const result = Object.create(null);
▶             Object.keys(process.env).forEach(key => result[key] = process.env[key]);
              if (fork) {
                  result['ELECTRON_RUN_AS_NODE'] = '1';
                  result['ELECTRON_NO_ASAR'] = '1';
              }
              if (env) {
                  Object.keys(env).forEach(key => result[key] = env[key]);
              }
              return result;
          }
          const debugStartWith = ['--debug=', '--debug-brk=', '--inspect=', '--inspect-brk='];

`{file_path}` enumerates the entire process.env object rather than reading a specific variable. Common precursor to exfiltrating GITHUB_TOKEN, AWS_*, and similar credentials.

  exports.resolve = resolve;
  /**
   * Resolve the global npm package path.
   * @deprecated Since this depends on the used package manager and their version the best is that servers
   * implement this themselves since they know best what kind of package managers to support.
   * @param tracer the tracer to use
   */
  function resolveGlobalNodePath(tracer) {
      let npmCommand = 'npm';
      const env = Object.create(null);
▶     Object.keys(process.env).forEach(key => env[key] = process.env[key]);
      env['NO_UPDATE_NOTIFIER'] = 'true';
      const options = {
          encoding: 'utf8',
          env
      };
      if (isWindows()) {
          npmCommand = 'npm.cmd';
          options.shell = true;
      }
      let handler = () => { };

`{file_path}` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell.

                      }
                      else if (transport === TransportKind.pipe) {
                          pipeName = (0, node_1.generateRandomPipeName)();
                          args.push(`--pipe=${pipeName}`);
                      }
                      else if (Transport.isSocket(transport)) {
                          args.push(`--socket=${transport.port}`);
                      }
                      args.push(`--clientProcessId=${process.pid.toString()}`);
                      if (transport === TransportKind.ipc || transport === TransportKind.stdio) {
▶                         const serverProcess = cp.spawn(runtime, args, execOptions);
                          if (!serverProcess || !serverProcess.pid) {
                              return handleChildProcessStartError(serverProcess, `Launching server using runtime ${runtime} failed.`);
                          }
                          this._serverProcess = serverProcess;
                          serverProcess.stderr.on('data', data => this.outputChannel.append(Is.string(data) ? data : data.toString(encoding)));
                          if (transport === TransportKind.ipc) {
                              serverProcess.stdout.on('data', data => this.outputChannel.append(Is.string(data) ? data : data.toString(encoding)));
                              return Promise.resolve({ reader: new node_1.IPCMessageReader(serverProcess), writer: new node_1.IPCMessageWriter(serverProcess) });
                          }
                          else {

▶ line 14: \v\f\r\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x1B\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07 \x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07…

▶ line 14: \v\f\r\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x1B\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07 \x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07\x07…

`{file_path}` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell.

      .map((file) => join(grammarDir, file));
  
  const allGrammars = [...grammars, ...dummyGrammars];
  
  /**
   *
   * @param  {Parameters<typeof spawn>} arg
   * @returns
   */
  function promisifySpawn(...arg) {
▶     const childProcess = spawn(...arg);
      return new Promise((resolve) => {
          childProcess.on('exit', (code) => {
              resolve(code);
          });
  
          childProcess.on('error', (err) => {
              console.error(err);
              resolve(1);
          });
      });

`{file_path}` imports child_process and calls exec / spawn / execFile / fork. Subprocess execution lets the extension pivot from the VSCode host into the user's shell.

          try {
              // This we run in Atom execFileSync is available.
              // Ignore stderr since this is otherwise piped to parent.stderr
              // which might be already closed.
              let options = {
                  stdio: ['pipe', 'pipe', 'ignore']
              };
              if (cwd) {
                  options.cwd = cwd;
              }
▶             cp.execFileSync('taskkill', ['/T', '/F', '/PID', process.pid.toString()], options);
              return true;
          }
          catch (err) {
              return false;
          }
      }
      else if (isLinux || isMacintosh) {
          try {
              var cmd = (0, path_1.join)(__dirname, 'terminateProcess.sh');
              var result = cp.spawnSync(cmd, [process.pid.toString()]);