You can add .vscode to things like .gitignore or .npmignore, and the packager should ignore those files. Or, you can zip the files up yourself if you have specific files you don’t want to include.
Most bundlers (Webpack, Parcel, etc.) will allow you to “minify” your JS code to reduce the size, and also to help with obfuscation. But that code has to be run somehow, and you’ll quickly run into diminishing returns when it comes to trying to protect the code.,
We are working on some entitlement checking that will present an obstacle to casual copying, but if a malicious user who is technological wants to investigate the innards of your plugin, there’s not a whole lot you can do to stop them.
package.json – All the marketplace cares about is the bundle ready for distribution.
package.json is not part of this. You can include it, but UXP doesn’t do anything with it. (Note that if any step requires
npm install to run your plugin, you’ll need to build your plugin with a bundler so that you can create a distribution version instead. UXP will not install npm packages on your behalf.)