alt Hacker NewsIt is beyond madness and well into "intentionally negligent" to release a plugin system without a permissions model in, like, the last 20 years. Can't believe people aren't up in arms about how wide open vscode and similar things are, particularly now that docker is widespread.
Thanks for building a scanner! I wish it wasn't necessary :/
IDK, I have built a plugin system myself. It is very hard to have a plugin system that is both powerful, versatile and sandboxed. Like with with anything you can pick 2. Most of the plugins I use in vscode like prettier, rust analyzer, etc all need file access and process spawn. So if you sandbox it they would all need max access anyway which kind of defeats the purpose.