rspm create blocklist-rule

Enhanced, Advanced

Command to create blocklist rules.

rspm create blocklist-rule [flags]

Examples

  # --- Block by matching criteria (name, version, namespace, source, repository) ---

  # Block a package everywhere, optionally pinning a version.
  rspm create blocklist-rule --package-name=[package name] --description=[text]
  rspm create blocklist-rule --package-name=[package name] --version=[version]

  # Block 'ggplot2' versions below 1.0.0.
  # Note that special characters like '<' and '>' must be quoted so the shell does not treat them as redirection.
  rspm create blocklist-rule --package-name=ggplot2 --version='<1.0.0' --description="Block 'ggplot2' versions <1.0.0"

  # Limit a package-name rule to a single source or repository.
  rspm create blocklist-rule --package-name=[package name] --source=pypi --description=[text]
  rspm create blocklist-rule --package-name=[package name] --repo=pypi --description=[text]
  rspm create blocklist-rule --source=pypi --package-name=Django --description="Block 'Django' from PyPI"

  # Block VS Code extensions by name, optionally scoped to a VSX source or repository.
  rspm create blocklist-rule --package-name=malicious.extension --description="Block malicious extension"
  rspm create blocklist-rule --package-name=deprecated.tool --source=openvsx --description="Block deprecated tool from Open VSX"
  rspm create blocklist-rule --package-name=untrusted.pkg --repo=openvsx --description="Block untrusted extension from VSX repo"
  rspm create blocklist-rule --package-name=ms-python.python --version='<2024.0.0' --description="Block old Python extension versions"

  # Block every VS Code extension under one or more publisher namespaces.
  rspm create blocklist-rule --namespaces=malicious-publisher --description="Block all extensions from malicious-publisher"
  rspm create blocklist-rule --namespaces=publisher-a,publisher-b --description="Block all extensions from two publishers"

  # Block 'a4' across all Bioconductor versions, including future versions.
  rspm create blocklist-rule --bioconductor --package-name=a4 --description="Block 'a4' across all Bioconductor versions"

  # Block a package once it is deleted from the latest CRAN or PyPI snapshot.
  rspm create blocklist-rule --deleted-packages --description="Block packages deleted from CRAN or PyPI"

  # Block package versions until they are at least 30 days old (a cooldown on newly published versions).
  rspm create blocklist-rule --min-age=30d --description="Block package versions newer than 30 days"

  # --- Block by license ---

  # List the available license types.
  rspm list license-types

  # Block packages by license type, or by unknown/missing license.
  rspm create blocklist-rule --license-types=AGPL-3.0-only,AGPL-3.0-or-later --description="Block all packages licensed under AGPL v3 or later"
  rspm create blocklist-rule --license-types=Unknown --description="Block all packages with an unknown or missing license"

  # --- Block by vulnerability ---

  # Block all packages with known security vulnerabilities.
  rspm create blocklist-rule --vulns --description="Block all packages with known security vulnerabilities"

  # Block packages at or above a vulnerability score, optionally including unscored ones.
  rspm create blocklist-rule --min-severity=7.0 --description="Block all packages with a vulnerability score 7.0 and above"
  rspm create blocklist-rule --min-severity=7.0 --block-unscored --description="Block all packages with an unscored vulnerability or a score 7.0 and above"

  # --- Allow packages with exceptions ---

  # An exception allows a package even when another rule would block it.
  rspm create blocklist-rule --source=[source name] --exception --description=[text]
  rspm create blocklist-rule --source=openvsx --package-name=ms-python.python --exception --description="Allow ms-python.python in Open VSX"
  rspm create blocklist-rule --source=pypi --package-name=guesser --exception --description="Allow 'guesser' PyPI package with an unknown license"

  # Allow only specific VS Code namespaces.
  rspm create blocklist-rule --namespaces=ms-python --exception --description="Allow ms-python.* extensions"
  rspm create blocklist-rule --namespaces=ms-python,GitHub --exception --description="Allow ms-python.* and GitHub.* extensions"

  # --- Test your rules ---

  # Check what the current rules do for a given package, version, and repo.
  rspm test blocklist-rules --repo=cran --package-name=ggplot2 --version=0.9.0
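
The rules above combined into one repeatable baseline, as an added example that is not part of the original documentation. It relies on `--succeed-on-existing` (listed under Options) so that re-running it does not fail on rules that already exist, and it only prints the commands unless `DRY_RUN=0`. The `DRY_RUN` switch, the helper functions and the selection of rules are assumptions.

```shell
#!/bin/sh
# Added example, not from the product documentation. The DRY_RUN switch,
# the helper names and the choice of rules are assumptions.
set -eu

DRY_RUN="${DRY_RUN:-1}"  # 1 = print the commands (default); 0 = run them

# Single-quote an argument when it contains characters the shell would
# interpret (spaces, '<', '>'), so printed commands can be pasted back.
quote() {
  case "$1" in
    ''|*[!A-Za-z0-9_=.,:/-]*)
      printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")" ;;
    *) printf '%s' "$1" ;;
  esac
}

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    line=""
    for arg in "$@"; do line="$line $(quote "$arg")"; done
    printf '%s\n' "${line# }"
  else
    "$@"
  fi
}

# One blocklist rule; --succeed-on-existing keeps repeated runs from failing.
rule() {
  run rspm create blocklist-rule --succeed-on-existing "$@"
}

apply_baseline() {
  rule --min-age=30d --description="Cooldown on newly published versions"
  rule --min-severity=7.0 --block-unscored --description="Block score 7.0+ or unscored"
  rule --license-types=Unknown --description="Block unknown or missing license"
  rule --deleted-packages --description="Block packages deleted from CRAN or PyPI"
  rule --package-name=ggplot2 --version='<1.0.0' --description="Block ggplot2 <1.0.0"
  # Narrow exception: one named package from one source, not a whole source.
  rule --source=pypi --package-name=guesser --exception --description="Allow guesser"
  # Check the outcome for a version the ggplot2 rule is meant to catch.
  run rspm test blocklist-rules --repo=cran --package-name=ggplot2 --version=0.9.0
}

apply_baseline
```

Review the printed commands first, then run with `DRY_RUN=0` and the server address set through `-a` or `PACKAGEMANAGER_ADDRESS`.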

Options

      --bioconductor           Block in all Bioconductor sources.
      --block-unscored         Block packages with unscored vulnerabilities.
      --deleted-packages       Block a package if it was deleted from the latest CRAN or PyPI snapshot.
      --description string     Description text. Optional.
      --exception              Allow package if any of the rules match.
  -h, --help                   help for blocklist-rule
      --license string         Case-insensitive substring for matching package licenses.
      --license-types string   A comma-separated list of package license types. License types are either a license identifier in the SPDX License List (non-deprecated), or "Unknown" for an unknown or missing license. Use the 'rspm list license-types' command to display available license types, or see https://spdx.org/licenses/ for a detailed list of SPDX license identifiers.
      --min-age string         Block package versions until they reach this minimum age, expressed as a duration such as '30d' or '24h' (a cooldown on newly published versions).
      --min-severity float     Block packages matching or exceeding this vulnerability score.
      --namespaces string      Comma-separated VS Code extension publisher namespaces (e.g., 'ms-python' or 'ms-python,GitHub'). Blocks every extension under any of those namespaces; combine with --exception to allow only those namespaces. VSX sources only (Local VSX, Open VSX, Curated VSX); has no effect on R, Python, or Bioconductor packages, and cannot be combined with a non-VSX --source, --repo, or --bioconductor.
      --package-name string    The name of the package.
      --priority uint          Execution priority, lower is executed earlier. (default 100)
      --repo string            The name of the repository.
      --source string          The name of the source.
      --succeed-on-existing    Do not return an error if rule already exists.
      --version string         Version string with optional operator for matching like '<1.0.0'. Valid operators include: >, >=, <, and <=.
      --vulns                  Block the package if it contains any known security vulnerabilities.

Options inherited from parent commands

  -a, --address string             The address of the remote server. If not specified, the PACKAGEMANAGER_ADDRESS environment variable is used.
  -c, --config string              Path to config file
      --insecure-ssl-skip-verify   If true, skip SSL certificate validation. This reduces the security that SSL normally provides.
  -o, --output-format string       Specify the output format 'human' for human-readable output or 'json' for JSON-encoded output. (default "human")
  -v, --verbose                    Provide additional output