I installed Zed on a work machine at a well-known software company and a week later they forced me to reimage my machine because they got some alert that the app was attempting to access browser credentials :(
No shade on Zed, sometimes in-house security tools just don't like new software.
According to the email I initially received for this alert, zed.exe was attempting to access its own folder within the AppData directory. Nothing more normal than that, no?
No idea how that related to what I was told by the sec people shortly afterwards.
I really need to find the time to properly test Zed. I'm mainly using PHP Storm and I love what it can do, especially when it comes to code discovery and auto-completion. I'm not a huge fan of having a bloated toolbox, I never use PHP Storm's included terminal or database browser.
Zed was super impressive when I first started it, but I don't know yet how it compares with PHP Storm.
The extension capability is much less powerful than VSCode (no embedded web view) so it's a lot harder to pull off crazy stuff. All of the language support is done via language servers.
But in the process of installing those language servers (automatically, without notifying you) it will install node, and download npm packages, which can do crazy stuff, as we've seen recently with the shai halud redux
In this day and age, and extensión is the thing is ask my local AI to do for me. They are very simple, self contained code that can be crappy as I'll run it locally.
Browser extensions have been a great playground for me.
You're preaching to the choir, I've personally done 30+ custom chrome extensions and that was pre-AI.
Nowadays it's mostly tamper-monkey scripts when I just want to rearrange a website's DOM. I do those with Claude and it one-shots them more often than not.
The only way I found out is because I run NixOS and it downloaded a dynamically linked binary that failed to start up and it spat out an error