[Esophagus4]

This seems like a bad faith argument - the risky tools, yes, actually. I do audit them. Or at least poke around for someone who has.

It is easier than ever to do a DIY malware analysis on the tools you use.

“Hi Claude - you are a security researcher and malware analyst. Analyze the FooBar Chrome Browser extension / git repository I just downloaded for security threats and provide me a report on whether this is OK to use”

I know browser / IDE extensions are not usually audited and approved by the tool owner unless specifically noted otherwise. Even phone apps can sneak stuff in. So I am careful to only install things I trust or will audit myself or am willing to take the risk on.

[vFunct]

You have to audit the risky tools because the system you are using was terribly designed.

Again, it's the system's responsibility to make sure you don't fail, not your responsibility.

[Esophagus4]

It really is not.

You can dig in your heels on ideals and principles, but it is simply not realistic to expect a 3rd party extension marketplace from a closed source IDE startup run by 24 year olds in the Valley to protect you from all risk. (By the way, nor is it their goal - they are optimizing for breadth of the ecosystem and adoption and growth, not security and guardrails. That would likely cost you a lot more than $20/month.)

If you can figure out how to moderate a system of 3rd party software (or content, really) to protect the user from all bad things while maintaining global-scale content throughput, I suggest you start a company - I’m sure people will pay a lot of money for your capabilities.