security

How big is the security risk if a VSCode extension gets compromised?

And is there anything we can do to mitigate the potential risk?

It's so easy to add extensions, and they have the permissions of the user that runs vscode!  Luckily, Microsoft checks them, even ones without a ✔️. https://code.visualstudio.com/docs/configure/extensions/extension-runtime-security?hl=en-US

I think that a highly-targeted exploit from an untrusted source is totally a realistic concern though.

Co-Founder at sablier.com, and open-source developer. I have a broad range of interests, including longevity, epistemology, physics, and psychology.