|
|
|
|
|
|
by judofyr
1863 days ago
|
|
|
> But in the end it doesn't make that much difference: nothing prevents a random library from just reading your secrets and calling curl to send it to a server at runtime. The difference here is that it happens when you open the project in the editor. If I'm suspicious of some code my first reaction would be to open it my editor and inspect it. The ESLint extension always asks whether you trust the `eslint` executable before it's enabled. It's still quite easy to click "allow" without thinking about it, but at least you'll have a choice to not execute potentially random code. |
|
|
I suspect the same problem exists in many other languages. How can you open a CMake project without executing it?