I was feeling like sneering as well about how my emacs setup never caused any issues until I remembered emacs packages have zero protection whatsoever and can run anything anywhere, are ALL authored by some guy in Nebraska or Slovakia or something in their spare time :) but we don’t see any attacks since there’s so few of us still using emacs.
Sublime's de facto package control repository is handled by an Uber engineer and father of 5 in his spare time, not someone currently at Sublime per https://packagecontrol.io/about / https://packagecontrol.io/say_thanks and his linked site.
VS Code Marketplace seems to have a number of protections in place: https://code.visualstudio.com/docs/configure/extensions/exte... / https://code.visualstudio.com/api/advanced-topics/extension-...
It also appears that Sublime doesn't have sandboxing: https://github.com/sublimehq/sublime_text/issues/6915
> I love to see …
Be kind to others. https://news.ycombinator.com/newsguidelines.html
> "VSCode is perfect"
Is the claim "VSCode is perfect" one that you've regularly run across, that you specifically called it out?
(I'm personally happy that multiple editor options exist.)