Version: 2.1
Scope: Packaging, activation, performance, UX, and marketplace hygiene.

• [ ] Activation events are minimal and correct; avoid „activate on *“ unless justified
• [ ] No long-running work on the extension host thread; async work is cancellable
• [ ] Commands contribute consistent IDs, titles, and category grouping
• [ ] Settings (contributes.configuration) are documented, validated, and have safe defaults
• [ ] External tool invocations are validated/sanitized; workspace paths are treated as untrusted input
• [ ] File IO is cross-platform safe (paths, encodings, line endings)
• [ ] Telemetry (if any) is explicit, minimal, and documented (prefer none)
• [ ] package.json metadata is complete (publisher/name/version/license/repository)
• [ ] Marketplace assets exist (README, CHANGELOG); version bump follows semantic rules

• [ ] Provide progress reporting and cancellation tokens for long operations
• [ ] Avoid excessive file watching; debounce and scope watchers
• [ ] Minimize extension size; avoid shipping unnecessary binaries/assets

• [ ] Add smoke tests (basic activation + command run)
• [ ] Provide „offline mode“ behavior if the extension normally calls remote services

<wvds:audit:template> activationEvents defined Commands consistent repository field present CHANGELOG.md exists README.md present </wvds:audit:template>

Version: 2.1 (Split)
Author: Wolfgang van der Stille

Back to Stack Checklists | Review Checklists