-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify in UI if extensions run code #162944
Comments
Probably also needs to be considered alongside #151599 if we're surfacing this in the list view. Otherwise we can think about how this might be surface on the detail and marketplace pages. |
@daviddossett I would not put this in the list view but only in the extension details page. That page has details that users can look at before installing an extension, and I feel like that is the right spot for this. |
May I know the root cause that is driving this? |
@sandy081 lot's of security features are about preventing something, there is no cause other than making VS Code secure and trustworthy.
|
Wondering any extension that a malicious author publishes has the same security concerns even if the extension had code or not before? CC @alexdima |
@sandy081 I actually pinged Alex Dima on the first comment because this is his idea :) I should have mentioned that - sorry. |
We closed this issue because we don't plan to address it in the foreseeable future. If you disagree and feel that this issue is crucial: we are happy to listen and to reconsider. If you wonder what we are up to, please see our roadmap and issue reporting guidelines. Thanks for your understanding, and happy coding! |
Currently there is no difference in the extension UI if an extension is running code or has no code - like themes.
Also I believe that most of our users are unaware that extensions that they install can execute any code they want.
I think we should:
fyi @daviddossett @alexdima
The text was updated successfully, but these errors were encountered: