Open VSX Mirror

EnhancedAdvanced

Posit Package Manager supports creating a VS Code extensions (VSX) repository with a source that mirrors Open VSX, an open source registry for VS Code extensions.

Adding an Open VSX repository to a Package Manager installation will:

• Provide a full mirror of all extensions available on Open VSX.
• Enable date-based snapshots for a stable, governed extension marketplace.
• Locally cache downloaded VS Code extensions (VSIX files) for quicker installs.

Quickstart

The quickest way to make Open VSX extensions available for your Package Manager installation is by running these commands:

Terminal

rspm create repo --name=openvsx --type=vsx --description='Access VS Code extensions'
rspm subscribe --repo=openvsx --source=openvsx

For more information about these commands, refer to the Creating an Open VSX Repository section below.

Client Configuration

Once you create a VSX repository, users need to configure Positron and other VS Code-compatible editors to use Package Manager as their extensions gallery.

• Posit Workbench (Positron Pro and VS Code sessions): Configuring Posit Workbench
• Standalone Positron, VS Code, and other editors: Configuring VS Code Extensions in the User Guide

Creating an Open VSX Repository

The Quickstart section above provides commands for quickly making Open VSX extensions available. This section further describes these commands and operations.

• Create a VSX repository with a description:

Terminal

$ rspm create repo --name=openvsx --type=vsx --description='Access VS Code extensions'
Repository: openvsx - VSX

• Subscribe the repository to the preconfigured openvsx source:

Terminal

$ rspm subscribe --repo=openvsx --source=openvsx
Repository: openvsx
Sources:
--openvsx (Open VSX)

Note

If you try subscribing a non-VSX type repository to a VSX source, you will get the error source type must be compatible with repository type.

Open VSX and the Posit Package Service

The Open VSX source retrieves its metadata from the Posit Package Service automatically. Package Manager checks for Open VSX updates from the Posit Package Service regularly. If you need to force an immediate update, you can synchronize manually:

Terminal

rspm sync --type=openvsx

Snapshots

Open VSX repositories support date-based snapshots, allowing you to freeze the set of available extensions to a specific point in time. This is useful for providing a stable, governed baseline for your organization’s extension marketplace.

How Open VSX Snapshots Differ from CRAN/PyPI

Open VSX snapshots work differently from CRAN and PyPI snapshots:

• CRAN/PyPI snapshots are fully deterministic. They are backed by detailed manifest history, so a snapshot from a past date shows exactly what was available at that time, including packages that have since been deleted or replaced.
• Open VSX snapshots use date-based filtering on extension published timestamps. When you view an Open VSX snapshot from a past date, you see extensions that were published on or before that date and still exist today. If an extension is removed from Open VSX, it will no longer appear in any snapshot, including past ones.

This difference is by design. VS Code extensions don’t have the same reproducibility requirements as R and Python packages. Nobody pins a lockfile to a specific extension snapshot date. The value of Open VSX snapshots is giving IT administrators a stable baseline for their internal marketplace. For that use case, the simpler model, where snapshots reflect what’s currently real, is the right behavior. It also means that extensions removed for security reasons (e.g., malicious extensions) are automatically removed from all snapshots.

Air-Gapped Environments

Package Manager supports Open VSX mirroring in air-gapped (offline) environments. Use the rspm-offline-downloader get openvsx command to download extension data on an internet-connected system, then copy it to your offline server.

The offline downloader can download all extensions or a curated subset specified via an extensions.txt file, and resolves dependencies automatically. You can also filter downloads by target platform to reduce storage requirements.

For full instructions, see Air-Gapped Package Manager.

Authentication Limitations

VS Code-based editors (Positron, VS Code) do not support authenticated extensions galleries, so users will not be able to install extensions from authenticated VSX repositories using standard editor workflows. The Authentication.NewReposAuthByDefault setting excludes VSX repositories for this reason.

If you need to restrict access to your VSX repository, consider network-level controls (firewall rules, VPN, etc.) instead of repository authentication.