by 4gotunameagain 332 days ago
I did not by any means want to discourage you from developing things and sharing them, if anything I thank you for that.

My intention was to highlight that the SW supply chain nowadays is an insecure mess.

Regarding your last point, for the vast majority of open source SW releases, we can never be sure if the release we get is produced from the same code we see. I do not know if that is the case with VScode addons, but you get my point


> Regarding your last point, for the vast majority of open source SW releases, we can never be sure if the release we get is produced from the same code we see. I do not know if that is the case with VScode addons, but you get my point

You actually can depackage vscode's .vsix files (it is just a zip file) and compare the package contents to the repository.
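One concrete way to do that comparison, added here as an example and not code from any poster or from VS Code itself: treat the .vsix as a zip, hash every file under its extension/ folder, and diff those hashes against a local checkout (in practice the repository's build output, since published extensions are usually compiled or bundled). The sample .vsix and "repository" in demo() are constructed inline.

```python
import hashlib
import os
import tempfile
import zipfile

PREFIX = "extension/"  # a .vsix is a zip; the packaged extension lives under this folder

def vsix_extension_hashes(vsix_path):
    """SHA-256 of every file under extension/ inside the .vsix, keyed by relative path."""
    hashes = {}
    with zipfile.ZipFile(vsix_path) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.startswith(PREFIX):
                continue  # skips vsix metadata such as extension.vsixmanifest
            hashes[info.filename[len(PREFIX):]] = hashlib.sha256(zf.read(info)).hexdigest()
    return hashes

def tree_hashes(root):
    """SHA-256 of every file in a checkout (or its build output), keyed by relative path."""
    hashes = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # metadata, never shipped
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                hashes[os.path.relpath(full, root).replace(os.sep, "/")] = hashlib.sha256(f.read()).hexdigest()
    return hashes

def compare_vsix_to_tree(vsix_path, root):
    """Return (only_in_vsix, only_in_tree, content_differs) as sorted path lists."""
    v, t = vsix_extension_hashes(vsix_path), tree_hashes(root)
    return (sorted(set(v) - set(t)), sorted(set(t) - set(v)),
            sorted(p for p in set(v) & set(t) if v[p] != t[p]))

def demo():
    """Constructed sample: the .vsix ships one extra file and one file whose contents differ."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = os.path.join(tmp, "repo")
        os.makedirs(os.path.join(repo, "out"))
        for rel, text in [("package.json", '{"name": "demo-ext"}'),
                          ("out/extension.js", "exports.activate = () => {};\n")]:
            with open(os.path.join(repo, rel), "w") as f:
                f.write(text)
        vsix = os.path.join(tmp, "demo.vsix")
        with zipfile.ZipFile(vsix, "w") as zf:
            zf.writestr("extension.vsixmanifest", "<PackageManifest/>")
            zf.writestr(PREFIX + "package.json", '{"name": "demo-ext"}')
            zf.writestr(PREFIX + "out/extension.js", "exports.activate = () => { console.log('hi'); };\n")
            zf.writestr(PREFIX + "out/helper.js", "// shipped but absent from the checkout\n")
        return compare_vsix_to_tree(vsix, repo)
```

Any path reported in the first or third list is a file the published package contains that the source you reviewed does not account for, which is exactly the gap the thread is about.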

Yes, but realistically, who is going to do that?

Again, I am not questioning your integrity or your plugin.