To make this exploit succeed, following steps are required:
1. Download the npm extension file though this [api](https://eg2.gallery.vsassets.io/_apis/public/gallery/publisher/eg2/extension/vscode-npm-script/0.3.13/assetbyname/Microsoft.VisualStudio.Services.VSIXPackage), storing it at some local path $EXTENSION_PATH.
2. Change the extension file's name to "npm-extension.vsix".
2. Install the extension though the command `code --force --install-extension $EXTENSION_PATH/npm-extension.vsix`. Note that the extension might be auto updated anytime, so make sure that the npm extension vesion is v0.3.13 before you start exploiting (If not, just run the command again).