by evanjrowley 112 days ago
If I was malware, one of the first things I'd do is check that scratch files directory for secrets.

The default behavior of Notepad++ is a very real security risk. So many system admins and developers will throw passwords and API keys into there and just forget about it. The scratch files are all sitting there unencrypted and with easy-to-exploit permissions.

Alas, my first thought after seeing TextAdept was that it could serve as a more secure alternative to Notepad++.

2 comments

Legitimately curious, how would you implement a “secure” scratch file functionality? Or is it just that the whole notion of scratch files is insecure?

The great thing about Textadept’s extensibility (and use of Lua specifically) is that it’s easy to pull in other Lua modules to add functionality. I don’t think it would be much work to modify the scratch file extension to prompt you for an encryption key on startup and then run the scratch files through libsodium (via luasodium) if you want to have your cake (scratch files) and eat it (some cursory level of security).
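The approach suggested in the comment above (ask for a passphrase, then encrypt scratch files before they reach disk), sketched as an added example that is not part of the thread or of Textadept. It is written for Node's built-in crypto, with scrypt and AES-256-GCM swapped in for libsodium/luasodium; the `SCR1` tag, the file layout and all function names are assumptions made for illustration.

```javascript
// Added example: passphrase-protected scratch files (not code from the thread or Textadept).
// Assumption: Node's built-in scrypt + AES-256-GCM stand in for libsodium/luasodium.
const crypto = require("node:crypto");
const fs = require("node:fs");

const MAGIC = Buffer.from("SCR1"); // hypothetical format tag
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the passphrase into a 256-bit key; the random salt is stored in the file.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, SCRYPT);
}

// Layout: MAGIC(4) | salt(16) | nonce(12) | tag(16) | ciphertext
function sealScratch(passphrase, text) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const header = Buffer.concat([MAGIC, salt, nonce]);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), nonce);
  cipher.setAAD(header); // authenticate the header along with the ciphertext
  const body = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
  return Buffer.concat([header, cipher.getAuthTag(), body]);
}

function openScratch(passphrase, blob) {
  if (blob.length < 48 || !blob.subarray(0, 4).equals(MAGIC)) {
    throw new Error("not an encrypted scratch file");
  }
  const header = blob.subarray(0, 32);
  const key = deriveKey(passphrase, header.subarray(4, 20));
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, header.subarray(20, 32));
  decipher.setAAD(header);
  decipher.setAuthTag(blob.subarray(32, 48));
  // final() throws when the passphrase is wrong or the file was modified on disk
  const plain = Buffer.concat([decipher.update(blob.subarray(48)), decipher.final()]);
  return plain.toString("utf8");
}

// Nothing readable reaches disk; mode 0o600 applies on creation on POSIX only.
function saveScratch(path, passphrase, text) {
  fs.writeFileSync(path, sealScratch(passphrase, text), { mode: 0o600 });
}

function loadScratch(path, passphrase) {
  return openScratch(passphrase, fs.readFileSync(path));
}
```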

I use Joplin, which is a cross-platform FOSS notes app featuring E2EE. It's not a perfect solution and not much of a text editor, but it's the right direction.

Everything else is explicitly saved (without secrets) or just an ephemeral buffer in Neovim.

I have this view as well. After years of Notepad++, the last security problem made me want to switch, not because of just that, but that, overall, since the author has an active voice expressing his political views (which is totally fine), I have this uneasy feeling that it makes him, and his products, a notorious target.

Searching for alternatives, Textadept seemed to fill the gap between features, speed and simplicity.

The plugin mentioned by the parent is really easy to grasp and tailor to my needs, which would not be the case with Notepad++, well, not for me at least.