## https://sploitus.com/exploit?id=C6D26B0E-A569-5B2C-ADAA-D1FB35F24DC7
# CVE-2021-26700
To make this exploit succeed, following steps are required:
1. Download the npm extension file though this [api](https://eg2.gallery.vsassets.io/_apis/public/gallery/publisher/eg2/extension/vscode-npm-script/0.3.13/assetbyname/Microsoft.VisualStudio.Services.VSIXPackage), storing it at some local path $EXTENSION_PATH.
2. Change the extension file's name to "npm-extension.vsix".
2. Install the extension though the command `code --force --install-extension $EXTENSION_PATH/npm-extension.vsix`. Note that the extension might be auto updated anytime, so make sure that the npm extension vesion is v0.3.13 before you start exploiting (If not, just run the command again).