Skip to content

macgeneral/uVSCEM

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

76 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

uVSCEM

PyPI - Version PyPI - Python Version PyPI - Implementation PyPI - License
Lint Test codecov uv ruff ty

uVSCEM is a VS Code extension installer for restricted environments.

It helps when normal extension installation fails because of proxy issues, controlled outbound access, or air-gapped workflows. It can also export and import offline extension bundles.

What it does

  • Reads extension IDs from your devcontainer.json.
  • Downloads VSIX packages and marketplace signatures.
  • Verifies extension signatures using vsce-sign.
  • Installs extensions in a DevContainer-compatible way.
  • Supports offline bundles (export and import).

Requirements

  • Python 3.10+
  • VS Code CLI (code) available in your environment
  • Access to your devcontainer.json

Platform support

uVSCEM auto-detects common VS Code runtime environments and can fall back to local CLI discovery on macOS and Windows.

The primary tested target is still Linux, especially DevContainer and VS Code Remote (.vscode-server) environments.

Install

Pre-built binaries (since v1.0.4)

Self-contained binaries compiled with Nuitka with no Python requirement are available on the Releases page for the following platforms:

Platform File
Linux x64 uvscem-linux-x64
Linux arm64 uvscem-linux-arm64
macOS arm64 uvscem-macos-arm64
Windows x64 uvscem-windows-x64

Download the binary for your platform, make it executable, and run it directly:

# Linux / macOS
chmod +x ./uvscem-<os>-<arch>
./uvscem-<os>-<arch> install --config-name ./devcontainer.json

Replace <os>-<arch> with one of: linux-x64, linux-arm64, macos-arm64.

macOS note: The binary is not code-signed. To remove the quarantine flag after downloading:

xattr -d com.apple.quarantine ./uvscem-macos-arm64

Verifying binary integrity

Each release includes a checksums.sha256 file and per-binary Sigstore bundles (e.g. uvscem-linux-x64.bundle).

Verify the checksum:

sha256sum -c checksums.sha256 --ignore-missing

Verify the Sigstore signature (requires cosign):

cosign verify-blob \
  --bundle uvscem-linux-x64.bundle \
  --certificate-identity-regexp "https://github.com/macgeneral/uVSCEM/.*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  uvscem-linux-x64

Python package

pip install uvscem

You can also use uv tool mode or pipx if you prefer:

uv tool install uvscem

uv tool install creates an isolated tool environment managed by uv (separate from your current project virtual environment), so it does not install packages into your active .venv.

Quick start (DevContainer)

Add uVSCEM to your container image, then call it from postAttachCommand:

{
  "postAttachCommand": "uvscem install --config-name /path/to/devcontainer.json"
}

This installs (and updates) extensions listed in your config each time the container is attached.

Commands

Full CLI reference (all options and reasoning): docs/cli.md

Install extensions directly:

uvscem install --config-name ./devcontainer.json

Pinning is supported in devcontainer.json using publisher.extension@version:

{
  "customizations": {
    "vscode": {
      "extensions": [
        "dbaeumer.vscode-eslint@3.0.10"
      ]
    }
  }
}

Export an offline bundle:

uvscem export --config-name ./devcontainer.json --bundle-path ./uvscem-offline-bundle

By default the bundle includes the vsce-sign binary for the current platform only. To bundle binaries for all platforms (useful when sharing the bundle across machines):

uvscem export --config-name ./devcontainer.json --vsce-sign-targets all

Or specify individual targets:

uvscem export --config-name ./devcontainer.json --vsce-sign-targets linux-x64,linux-arm64,darwin-arm64,win32-x64

Supported --vsce-sign-targets values: current (default), all, or a comma-separated list of linux-x64, linux-arm64, linux-arm, alpine-x64, alpine-arm64, darwin-x64, darwin-arm64, win32-x64, win32-arm64.

Import an offline bundle without network access:

uvscem import --bundle-path ./uvscem-offline-bundle --strict-offline

By default, import verifies manifest.json.asc when present. If you need legacy behavior, you can explicitly disable this check:

uvscem import --bundle-path ./uvscem-offline-bundle --skip-manifest-signature-verification

Optional manifest authenticity checks:

uvscem export --config-name ./devcontainer.json --manifest-signing-key YOUR_GPG_KEY_ID
uvscem import --bundle-path ./uvscem-offline-bundle --verify-manifest-signature

Extension installs require marketplace signature metadata by default. To allow unsigned extension installation (not recommended), use:

uvscem install --config-name ./devcontainer.json --allow-unsigned

For edge proxy/mirror setups, you can relax URL/TLS behavior explicitly:

uvscem install --config-name ./devcontainer.json --allow-untrusted-urls
uvscem install --config-name ./devcontainer.json --disable-ssl
uvscem install --config-name ./devcontainer.json --ca-bundle /path/to/corporate-root-ca.pem

The same flags are available on export.

Proxy note

uVSCEM follows standard proxy environment variables such as HTTP_PROXY, HTTPS_PROXY, and NO_PROXY.

Environment variables

Variable Description
UVSCEM_VSCODE_ROOT Override the VS Code data root (where extensions/ and extensions.json live). Useful when auto-detection resolves the wrong path on macOS or Windows.
UVSCEM_RUNTIME Override the detected runtime environment. Accepted values: local, vscode-server, vscode-remote.
HTTP_PROXY / HTTPS_PROXY / NO_PROXY Standard proxy variables respected by all HTTP requests.
REQUESTS_CA_BUNDLE / CURL_CA_BUNDLE Override the CA bundle used by Requests when no --ca-bundle CLI flag is provided.

Example:

UVSCEM_VSCODE_ROOT="$HOME/.vscode" uvscem install --config-name ./devcontainer.json

Why this exists

uVSCEM is a practical workaround for known VS Code proxy/devcontainer limitations, including:

Contributing

Development setup, testing, and release details are in CONTRIBUTING.md.

A big thank you to the following people

About

unofficial VSCode Extension Manager

Resources

License

Contributing

Stars

Watchers

Forks

Packages

 
 
 

Contributors