Currently, Visual Studio Code extensions are not signed or verified on the Microsoft Visual Studio Code Marketplace. Salesforce provides the Secure Hash Algorithm (SHA) of each extension that we publish. To verify the extensions, make sure that their SHA values match the values in the list below.
-
Instead of installing the Visual Code Extension directly from within Visual Studio Code, download the VS Code extension that you want to check by following the instructions at https://code.visualstudio.com/docs/editor/extension-gallery#_common-questions. For example, download, https://salesforce.gallery.vsassets.io/_apis/public/gallery/publisher/salesforce/extension/salesforcedx-vscode-core/57.15.0/assetbyname/Microsoft.VisualStudio.Services.VSIXPackage.
-
From a terminal, run:
shasum -a 256 <location_of_the_downloaded_file>
-
Confirm that the SHA in your output matches the value in this list of SHAs. 3a28223251a6c7fe66c9e03142dcbe105a1ff879251c3b3ca0b56b5679d33cd3 ./sfdx-code-analyzer-vscode-0.5.0.vsix
-
Change the filename extension for the file that you downloaded from .zip to .vsix.
-
In Visual Studio Code, from the Extensions view, select ... > Install from VSIX.
-
Install the verified VSIX file.