I published a paper to solve the "unrestricted access" dangerous VSCode Extensions have.

The paper outlines a 3-part automated system: 1. Risk profile VS Code Extensions 2. Generate per-extension sandboxing policies automatically 3. Enforce sandboxing at runtime without disrupting existing system

The goal was an extremely low-profile system that doesn't require additional software. This could be an important asset in the increasingly dangerous and unregulated VSCode extension ecosystem.

Btw, the risk-profiling section is an evolution of my free extension scanner vscan.dev. If you any questions about vscan.dev, you can reach out at vscandevteam@gmail.com.