security

How big is the security risk if a VSCode extension gets compromised?

And is there anything we can do to mitigate the potential risk?

Co-Founder at sablier.com, and open-source developer. I have a broad range of interests, including longevity, epistemology, physics, and psychology.

Game over for whatever system you're running on.

The two main options, keep any sensitive keys off the system you're running vscode on, or run vscode entirely in a VM.

I'm mostly doing the former at the moment, maybe migrating to the latter, but that feels like a huge pain in the ass.

Also some remote development options.