rspm create blocklist-rule
Enhanced | Advanced
Command to create blocklist rules.
rspm create blocklist-rule [flags]

Examples
# --- Block by matching criteria (name, version, namespace, source, repository) ---
# Values in square brackets ([package name], [version], [text], [source name])
# are placeholders: replace them with real values, and quote any value that
# contains spaces or shell metacharacters.
# Block a package everywhere (no --source or --repo limit), optionally pinning a version.
rspm create blocklist-rule --package-name=[package name] --description=[text]
rspm create blocklist-rule --package-name=[package name] --version=[version]
# Block 'ggplot2' versions below 1.0.0.
# The comparison operator is part of the --version value. Quote the value:
# unquoted, the shell treats '<' and '>' as redirection operators and the rule
# is not created as written.
rspm create blocklist-rule --package-name=ggplot2 --version='<1.0.0' --description="Block 'ggplot2' versions <1.0.0"
# Limit a package-name rule to a single source or repository.
# A rule limited this way does not block the same package name in other
# sources or repositories.
rspm create blocklist-rule --package-name=[package name] --source=pypi --description=[text]
rspm create blocklist-rule --package-name=[package name] --repo=pypi --description=[text]
rspm create blocklist-rule --source=pypi --package-name=Django --description="Block 'Django' from PyPI"
# Block VS Code extensions by name, optionally scoped to a VSX source or repository.
rspm create blocklist-rule --package-name=malicious.extension --description="Block malicious extension"
rspm create blocklist-rule --package-name=deprecated.tool --source=openvsx --description="Block deprecated tool from Open VSX"
rspm create blocklist-rule --package-name=untrusted.pkg --repo=openvsx --description="Block untrusted extension from VSX repo"
rspm create blocklist-rule --package-name=ms-python.python --version='<2024.0.0' --description="Block old Python extension versions"
# Block every VS Code extension under one or more publisher namespaces.
# --namespaces applies to VSX sources only; it has no effect on R, Python, or
# Bioconductor packages.
rspm create blocklist-rule --namespaces=malicious-publisher --description="Block all extensions from malicious-publisher"
rspm create blocklist-rule --namespaces=publisher-a,publisher-b --description="Block all extensions from two publishers"
# Block 'a4' across all Bioconductor versions, including future versions.
rspm create blocklist-rule --bioconductor --package-name=a4 --description="Block 'a4' across all Bioconductor versions"
# Block a package once it is deleted from the latest CRAN or PyPI snapshot.
rspm create blocklist-rule --deleted-packages --description="Block packages deleted from CRAN or PyPI"
# Block package versions until they are at least 30 days old (a cooldown on newly published versions).
# The value is a duration such as '30d' or '24h'. The delay leaves time for a
# bad release to be reported before it can be installed.
rspm create blocklist-rule --min-age=30d --description="Block package versions newer than 30 days"
# --- Block by license ---
# List the available license types.
rspm list license-types
# Block packages by license type, or by unknown/missing license.
# Each value is an SPDX license identifier, or "Unknown" for an unknown or
# missing license.
rspm create blocklist-rule --license-types=AGPL-3.0-only,AGPL-3.0-or-later --description="Block all packages licensed under AGPL v3 or later"
rspm create blocklist-rule --license-types=Unknown --description="Block all packages with an unknown or missing license"
# --- Block by vulnerability ---
# Block all packages with known security vulnerabilities.
rspm create blocklist-rule --vulns --description="Block all packages with known security vulnerabilities"
# Block packages at or above a vulnerability score, optionally including unscored ones.
# NOTE(review): without --block-unscored, a --min-severity rule presumably does
# not match vulnerabilities that have no score yet; add the flag if those
# should be blocked too.
rspm create blocklist-rule --min-severity=7.0 --description="Block all packages with a vulnerability score 7.0 and above"
rspm create blocklist-rule --min-severity=7.0 --block-unscored --description="Block all packages with an unscored vulnerability or a score 7.0 and above"
# --- Allow packages with exceptions ---
# An exception allows a package even when another rule would block it.
# Keep exceptions as narrow as possible (source plus package name) and record
# the reason in --description so the rule can be reviewed later.
# NOTE(review): the first form below gives only --source, so it appears to
# exempt every package in that source; confirm that is intended before using it.
rspm create blocklist-rule --source=[source name] --exception --description=[text]
rspm create blocklist-rule --source=openvsx --package-name=ms-python.python --exception --description="Allow ms-python.python in Open VSX"
rspm create blocklist-rule --source=pypi --package-name=guesser --exception --description="Allow 'guesser' PyPI package with an unknown license"
# Allow only specific VS Code namespaces.
rspm create blocklist-rule --namespaces=ms-python --exception --description="Allow ms-python.* extensions"
rspm create blocklist-rule --namespaces=ms-python,GitHub --exception --description="Allow ms-python.* and GitHub.* extensions"
# --- Test your rules ---
# Check what the current rules do for a given package, version, and repo.
# Run this after adding or changing a rule, especially an exception, to
# confirm that a known package is blocked or allowed as expected.
rspm test blocklist-rules --repo=cran --package-name=ggplot2 --version=0.9.0

Options
--bioconductor Block in all Bioconductor sources.
--block-unscored Block packages with unscored vulnerabilities.
--deleted-packages Block a package if it was deleted from the latest CRAN or PyPI snapshot.
--description string Description text. Optional.
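--exception Allow package if any of the rules match. An exception allows a package even when another rule would block it, so keep its matching criteria as narrow as possible.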
-h, --help help for blocklist-rule
--license string Case-insensitive substring for matching package licenses.
--license-types string A comma-separated list of package license types. License types are either a license identifier in the SPDX License List (non-deprecated), or "Unknown" for an unknown or missing license. Use the 'rspm list license-types' command to display available license types, or see https://spdx.org/licenses/ for a detailed list of SPDX license identifiers.
--min-age string Block package versions until they reach this minimum age, expressed as a duration such as '30d' or '24h' (a cooldown on newly published versions).
--min-severity float Block packages matching or exceeding this vulnerability score.
--namespaces string Comma-separated VS Code extension publisher namespaces (e.g., 'ms-python' or 'ms-python,GitHub'). Blocks every extension under any of those namespaces; combine with --exception to allow only those namespaces. VSX sources only (Local VSX, Open VSX, Curated VSX) — has no effect on R, Python, or Bioconductor packages, and cannot be combined with a non-VSX --source, --repo, or --bioconductor.
--package-name string The name of the package.
--priority uint Execution priority, lower is executed earlier. (default 100)
--repo string The name of the repository.
--source string The name of the source.
--succeed-on-existing Do not return an error if rule already exists.
--version string Version string with optional operator for matching like '<1.0.0'. Valid operators include: >, >=, <, and <=.
--vulns Block the package if it contains any known security vulnerabilities.

Options inherited from parent commands
-a, --address string The address of the remote server. If not specified, the PACKAGEMANAGER_ADDRESS environment variable is used.
-c, --config string Path to config file
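--insecure-ssl-skip-verify If true, skip SSL certificate validation. This reduces the security that SSL normally provides: the client no longer verifies the identity of the server given by --address, so requests to it, including rule changes, can be intercepted or altered in transit. Use it only for temporary troubleshooting, and fix the certificate trust instead.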
-o, --output-format string Specify the output format 'human' for human-readable output or 'json' for JSON-encoded output. (default "human")
-v, --verbose Provide additional output