The ovsx package depends on @vscode/vsce-sign through the usage of @vscode/vsce. The vsce-sign has a problematic license, see https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/25926
We should evaluate whether the vsce-sign package can be replaced, e.g. with https://github.com/filiptronicek/node-ovsx-sign
The ovsx package depends on
@vscode/vsce-signthrough the usage of@vscode/vsce. The vsce-sign has a problematic license, see https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/25926We should evaluate whether the vsce-sign package can be replaced, e.g. with https://github.com/filiptronicek/node-ovsx-sign