Skip to content

Add terminal quick fix for npm vulnerability warnings #281934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 6 commits into
base: main
Choose a base branch
from
Draft

Add terminal quick fix for npm vulnerability warnings #281934

Copilot wants to merge 6 commits into from
+39 −0

Conversation

Copy link
Contributor

Copilot AI commented Dec 8, 2025
edited
Loading

Adds terminal quick fix support for npm audit commands suggested in vulnerability warnings after npm install.

Changes

extensions/npm/package.json:

  • New terminalQuickFixes entry matching output containing "vulnerabilities"
  • Captures 2000 characters, 20 lines of context from terminal bottom

extensions/npm/src/npmMain.ts:

  • Quick fix provider extracts npm audit commands line-by-line
  • Regex /npm\s+audit(?:\s+[^\s]+)*/ captures all command variants including flags
  • Deduplicates commands, removes backticks

Example

When npm outputs:

13 high severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

Users now get clickable quick fixes for npm audit, npm audit fix, and npm audit fix --force.

Original prompt

This section details on the original issue you should resolve

<issue_title>Add quick fix for npm vulnerabilities</issue_title>
<issue_description>Suggestion from Brigit that we cover this type of output with a quick fix:

image

Currently npm quick fixes:

vscode/extensions/npm/src/npmMain.ts

Lines 74 to 96 in 45feb8c

context.subscriptions.push(vscode.window.registerTerminalQuickFixProvider('ms-vscode.npm-command', {
provideTerminalQuickFixes({ outputMatch }) {
if (!outputMatch) {
return;
}
const lines = outputMatch.regexMatch[1];
const fixes: vscode.TerminalQuickFixTerminalCommand[] = [];
for (const line of lines.split('\n')) {
// search from the second char, since the lines might be prefixed with
// "npm ERR!" which comes before the actual command suggestion.
const begin = line.indexOf('npm', 1);
if (begin === -1) {
continue;
}
const end = line.lastIndexOf('#');
fixes.push({ terminalCommand: line.slice(begin, end === -1 ? undefined : end - 1) });
}
return fixes;
},
}));
</issue_description>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI and others added 5 commits December 8, 2025 11:31
@alexr00
Add quick fix for npm audit vulnerabilities
6670e0c 
Co-authored-by: alexr00 <38270282+alexr00@users.noreply.github.com>
@alexr00
Refine regex pattern for npm vulnerability detection
ade692e 
Co-authored-by: alexr00 <38270282+alexr00@users.noreply.github.com>
@alexr00
Improve regex matching to handle various npm audit flags
191ea42 
Co-authored-by: alexr00 <38270282+alexr00@users.noreply.github.com>
@alexr00
Address code review feedback - improve regex precision
0a522dd 
Co-authored-by: alexr00 <38270282+alexr00@users.noreply.github.com>
@alexr00
Increase character capture limit to 2000 for verbose npm output
9daa4e7 
Co-authored-by: alexr00 <38270282+alexr00@users.noreply.github.com>
Copilot AI changed the title [WIP] Add quick fix for npm vulnerabilities Add terminal quick fix for npm vulnerability warnings Dec 8, 2025
Copilot AI requested a review from alexr00 December 8, 2025 11:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexr00 alexr00 Awaiting requested review from alexr00

At least 1 approving review is required to merge this pull request.

Assignees

@alexr00 alexr00

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add quick fix for npm vulnerabilities

2 participants

@alexr00