GitHub confirms breach of 3,800 repos via malicious VSCode extension

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  1. nx-console

    Nx Console is the user interface for Nx & Lerna.

    Because the link is blogspam.

    https://github.blog/security/investigating-unauthorized-acce... links to https://github.com/nrwl/nx-console/security/advisories/GHSA-... Nx Console

  2. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  3. Visual Studio Code

    Visual Studio Code

    As a vscode extension developer, the (lack of) security of VSCode has always been astounding. People have asked for sandboxing extensions for years [0] with little to no progress, and issues have been discussed a lot (e.g. [1]). I guess it hasn't been a big issue, likely because most developers are not complete idiots. But it only takes one developer and one bad extension to lead to consequences like this.

    I mean, I understand that it is hard to sandbox Node.js applications, but apparently Microsoft has put way more effort into their Copilot slop than security.

    [0] https://github.com/microsoft/vscode/issues/52116

    [1] https://news.ycombinator.com/item?id=42979994

  4. GNU Emacs

    Mirror of GNU Emacs

    Emacs has been an option for going on 50 years now, just saying. The GNU Emacs 31 branch[0] was cut recently and we're barreling towards a new release. It might be time to give it another look.

    [0]: https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS

  5. sublime_text

    Issue tracker for Sublime Text

    Sublime also has packages. https://packagecontrol.io/

    Sublime's de facto package control repository is handled by one guy in his spare time as he works for Uber, not any Sublime employee: https://packagecontrol.io/about

    VS Code Marketplace seems to have far more protections in place: https://code.visualstudio.com/docs/configure/extensions/exte...

    It also appears that Sublime doesn't have any sandboxing: https://github.com/sublimehq/sublime_text/issues/6915

    > I love to see …

    Be kind. Don't sneer. Edit out swipes.

  6. livegrep

    Interactively grep source code. Source for http://livegrep.com/

    I cannot share many details, but one thing: livegrep had no issues handling that many repos! That project is such a blessing.

    https://github.com/livegrep/livegrep

  7. zed

    Code at the speed of thought – Zed is a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter.

    That's a link to a Hacker News post, which links to a Reddit post, which links to https://github.com/zed-industries/zed/issues/12589 if anyone wants to go right to the 'open' issue.
