[zelphirkalt]

To me it seems ridiculous, that a theme could even accumulate such things as analytics and even lots of dependencies. A theme is usually something self-contained. And even more ridiculous, that anyone can, as you write, "force uninstall" anything from my machine. So glad I am not a VS Code user. It seems all the typical corporate BS is happening with its marketplace and plugins.

[bmicraft]

Try Qt themes, they're binaries compiled from C++ code :)

[qbane]

If one can "force uninstall" for safety, then it implies that automatic upgrading an extension with the user's consent is unsafe at the first place.

[Cthulhu_]

It is, but that's the reality of today - auto-updates, "evergreen" releases. This was popularised by Chrome, and IMO fixed a LOT of headaches and allowed for much faster and more agile release cycles - the reality before was that a company like Microsoft would have to provide support for older versions of their software for X years and deal with the fallout of security issues with remaining older versions. (Web) developers had to be careful about adopting newer features because X% of their user base would still be on older versions of the runtime, leading to the invention of transpilers and the start of what is still a very complicated system in web front-end world.

[account42]

It doesn't fix any headaches it just outsources them to the users who get surprise breakages of their workflow in the middle of an important project.

[qbane]

* without the user's consent

[e40]

Isn't the problem that VS Code has no permission model (restricting of them), so all extensions can do anything?

[tabony]

While it is, the same issue exists in Sublime, Vim, Emacs, Gedit, pico/nano[1], IntelliJ, Android Studio, Eclipse, and every editor.

[1] https://threatpost.com/researchers-show-how-popular-text-edi...

I think Xcode may be the exception but Xcode plugins also can’t do much.

[e40]

I think Emacs and Vim will be lower probability targets than VS Code, though.

[knowitnone]

yeah. I hope you leave malicious code running on your computers to prove your point.