|
|
|
|
|
|
by basil-rash
728 days ago
|
|
|
Indeed. One should always disable extension auto updating. Besides that, there’s not really any less security than NPM packages. It’s the open secret of the whole industry that we just open ourselves to RCE every day because the alternative (vetting dependencies) is too annoying. |
|
|
https://code.visualstudio.com/docs/editor/extension-marketpl...