sunerpy · sunerpy · Oct 26, 2025 · Oct 26, 2025 · Oct 26, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -36,11 +36,6 @@ jobs:
           echo "🔍 Checking for unused dependencies..."
           npx depcheck || echo "⚠️  Some dependencies might be unused"
 
-      - name: Security audit
-        run: |
-          echo "🔒 Running security audit..."
-          pnpm audit --audit-level moderate || echo "⚠️  Security vulnerabilities found"
-
   security:
     name: Security Check
     runs-on: ubuntu-latest
@@ -52,9 +47,6 @@ jobs:
       - name: Setup Node.js and pnpm
         uses: ./.github/actions/setup-node-pnpm
 
-      - name: Run security audit
-        run: pnpm audit --audit-level moderate
-
       - name: Check for secrets
         uses: trufflesecurity/trufflehog@main
         with:

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -43,11 +43,6 @@ jobs:
             build-info.txt
           retention-days: 30
 
-      - name: Check for security vulnerabilities
-        run: |
-          echo "🔒 Running security audit..."
-          pnpm audit --audit-level moderate || echo "⚠️  Security vulnerabilities found"
-
       - name: Check for outdated dependencies
         run: |
           echo "📦 Checking for outdated dependencies..."
@@ -61,8 +56,6 @@ jobs:
           echo "## Outdated Dependencies" >> dependency-report.md
           pnpm outdated >> dependency-report.md 2>&1 || echo "All dependencies are up to date" >> dependency-report.md
           echo "" >> dependency-report.md
-          echo "## Security Audit" >> dependency-report.md
-          pnpm audit --audit-level moderate >> dependency-report.md 2>&1 || echo "No security issues found" >> dependency-report.md
 
       - name: Upload dependency report
         uses: actions/upload-artifact@v4

diff --git a/package.json b/package.json
@@ -155,7 +155,6 @@
     "build": "pnpm run package",
     "build:vsix": "vsce package",
     "publish:vsix": "pnpm vsce publish --no-dependencies",
-    "security:audit": "pnpm audit --audit-level moderate",
     "deps:check": "depcheck",
     "deps:outdated": "pnpm outdated"
   },

diff --git a/src/core/extensionManager.ts b/src/core/extensionManager.ts
@@ -7,6 +7,7 @@ import { ErrorHandler, ErrorType } from './errorHandler';
 import { logger } from './logger';
 import { ExtensionImportResult } from './reportManager';
 import { isExtensionIgnored } from '../types/constants';
+import { getVSCodeExtensionsDirectory } from '../utils/vscodeEnvironment';
 
 export interface ExtensionComparisonResult {
   id: string;
@@ -347,21 +348,22 @@ export class ExtensionManager {
    * 获取扩展目录
    */
   private getExtensionsDirectory(): string {
-    if (process.env.VSCODE_PORTABLE) {
-      return path.join(process.env.VSCODE_PORTABLE, 'data', 'extensions');
+    // 方法1: 从已安装的扩展路径推断扩展目录
+    const installedExtensions = vscode.extensions.all.filter((ext) => !ext.packageJSON.isBuiltin);
+
+    if (installedExtensions.length > 0) {
+      // 获取第一个非内置扩展的路径
+      const firstExtPath = installedExtensions[0].extensionPath;
+      // 扩展路径格式: /path/to/extensions/publisher.name-version
+      // 我们需要获取 extensions 目录
+      const extensionsDir = path.dirname(firstExtPath);
+      logger.debug(`从已安装扩展推断扩展目录: ${extensionsDir}`);
+      return extensionsDir;
     }
 
-    const platform = os.platform();
-    const homeDir = os.homedir();
-
-    switch (platform) {
-      case 'win32':
-      case 'darwin':
-      case 'linux':
-        return path.join(homeDir, '.vscode', 'extensions');
-      default:
-        return path.join(homeDir, '.vscode', 'extensions');
-    }
+    // 方法2: 如果没有已安装的扩展，使用 vscodeEnvironment 工具函数作为后备
+    logger.debug('没有找到已安装的扩展，使用后备方法获取扩展目录');
+    return getVSCodeExtensionsDirectory();
   }
 
   /**