alt Hacker News"Code provides features that may automatically execute files in this folder. If you don't trust the authors of these files, we recommend to continue in restricted mode as the files may be malicious."
If you proceed with "Trust Project" you're at your own fault.
Replies
The "trust project" feature has been designed to be so extremely intrusive and annoying that the first thing I do is to completely disable it whenever I install VS Code on a new computer. This "solution" was just done to tick some box and put the blame on the user when a security incident happens. It's pretty similar to Windows Vista where it annoyed you with a disruptive popup so many times during the normal course of actions that most people ended up disabling the whole UAC system. Overall security goes down, and Microsoft has a nice excuse.
You know what would be better? Telling me explicitly what file/script will run and asking permission for that. A blanket message every time is no better than the cookie popups and doesn’t tell me if the project has 0 files that will run.