VSCode Security: Malicious Extensions Detected- More Than 45,000 Downloads

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • Visual Studio Code

    Visual Studio Code

    This feature request has been sitting around since 2018:

    https://github.com/microsoft/vscode/issues/52116

    It advocates for treating VSCode extension permissioning like browser extension permissioning.

    Of course, it's not a panacea, but it would be lovely to have.

    I discovered it when I went searching for a way to disable network access for a particular extension. You can do it, sort of, for VSCode itself, but not for individual extensions.

  • gitignore-ultimate-vscode

    VSCode extension that allows to speed up the drafting of .gitignore files.

    I want that feature too, but in reality, many non-trivial extensions require the execution of binaries such as language servers. Applying capability models to these executables will require OS support or containerization, but the overhead for memory and disk will be huge. In fact, even an extension to auto-complete paths in .gitignore files requires running a language server written in Rust [1], and it has the real benefit of supporting multiple editors with ease. If the "prettiest java" or "python-vscode" extensions in the article insisted on needing full permissions for Java or Python execution, I believe users would be convinced and end up installing them.

    [1] https://github.com/quentinguidee/gitignore-ultimate-vscode

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

  • gitignore-ultimate-server

    This server implements the Language Server Protocol to help you write gitignore files faster

    A language server for gitignore is not what I was expecting to come across this morning.

    https://github.com/quentinguidee/gitignore-ultimate-server

  • lapce

    Lightning-fast and Powerful Code Editor written in Rust

    thats why we need wasi/wasm bashed sandboxed plugins scoped bashed on capability it needs.

    i think lapce supports wasi plugin but overall ux is not there yet when i last tried.

    https://github.com/lapce/lapce

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts