Hacker News

fg137 yesterday at 8:15 PM

The (lack of) security of VSCode has always been astounding. People have asked for sandboxing extensions for years [0] with little to no progress, and issues have been discussed a lot (e.g. [1][2]). I guess it hasn't been a big issue, likely because most developers are not complete idiots. But it only takes one developer and one bad extension to lead to consequences like this.

I mean, I understand that it is hard to sandbox Node.js applications, but apparently Microsoft has put way more effort into their Copilot slop than security.

[0] https://github.com/microsoft/vscode/issues/52116

[1] https://news.ycombinator.com/item?id=42979994

[2] https://news.ycombinator.com/item?id=46855527


Replies

bbor yesterday at 10:15 PM

I am so, so stressed about Sublime Text... It feels like a massive disaster just waiting to happen. They don't even run their own package marketplace :(

zx8080 yesterday at 9:09 PM

> but apparently Microsoft has put way more effort into their Copilot slop than security.

Your security or their money (selling Copilot to enterprise customers): what would they choose, hmm? Surprise!

ozim yesterday at 9:48 PM

Why would you sandbox extensions?

Just don’t install crap maybe.
