security

How big is the security risk if a VSCode extension gets compromised?

And is there anything we can do to mitigate the potential risk?

Co-Founder at sablier.com, and open-source developer. I have a broad range of interests, including longevity, epistemology, physics, and psychology.

hmm I wonder if cursor can be set up to analyze extensions for compromises/malicious code.

Game over for whatever system you're running on.

The two main options, keep any sensitive keys off the system you're running vscode on, or run vscode entirely in a VM.

I'm mostly doing the former at the moment, maybe migrating to the latter, but that feels like a huge pain in the ass.

Also some remote development options.

I think there’s no definitive way to prevent it the best we can do is reduce the risk by installing only trusted extensions.