calrain
14 hours ago
100% stay away from it.
I think a better question is: "How can you ensure any VS Code extension is safe to use?"
Understanding exactly what an extension does and getting clarity around how it operates is something that I'd like to better understand as well.
It makes me think that moving to other editors like Neovim might be a safer way to go, if Microsoft has created an environment where malicious plug-ins can operate.
cloogshicer
14 hours ago
Thanks, yeah, I def won't install it.
Looks like there are some calls to `fs` and `path`, so it's definitely reading the file system, which could be legitimate, but yeah hard to say.
Kinda wild that simply installing an extension can give the author full access and there isn't really a way to verify extension code.
I mean even if they had linked a repo that actually contained code, how can I know that the code from the repo is actually the same that gets downloaded when the extension is installed?