Security Setting and IP Protection
When developing an extension, your code is by default protected against downloading or debugging. Read below about the security setting and adding Intellectual Property (IP) protection against downloading or debugging into an extension to see the source code in the extensions.
The extension development package provides a pre-configured setting for IP protection against viewing or downloading the code of the extensions. However, this setting can also be controlled in the manifest; the
IP protection setting
When you start a new project, an
app.json file is generated automatically, which contains the information about the extension that you are building on. The
app.json file contains a setting called
showMyCode, which controls whether it is possible to debug into the extension, when that extension is taken as a dependency. The default value of this property is set to false. This means that debugging into an extension to view the code is not allowed. For a more refined setting, you can specify the
NonDebuggable attribute on methods and variables. For more information, see NonDebuggable Attribute.
showMyCode setting is not visible in the
app.json file when it is generated.
showMyCode is set to false, you will still be able to view that code if an extension is deployed through Visual Studio Code, as opposed to deploying using a cmdlet or via AppSource.
Changing the IP protection setting
If you want to allow debugging into an extension to view the source code, you can add the
showMyCode property in the
app.json file and set the property value to true. For example, if a developer develops extension A and he or someone else on the team develops extension B, and B depends on A, then debugging B will only step into the code for A if a method from A is called and if the
ShowMyCode flag is set to true in the app.json for extension A as shown in the example below:
By adding this setting, you enable debugging into an extension to view the source code when that extension is set as a dependency.