Clarify in UI if extensions run code #162944
Comments
isidorn
added
extensions
|
Probably also needs to be considered alongside #151599 if we're surfacing this in the list view. Otherwise we can think about how this might be surface on the detail and marketplace pages. |
|
@daviddossett I would not put this in the list view but only in the extension details page. That page has details that users can look at before installing an extension, and I feel like that is the right spot for this. |
|
May I know the root cause that is driving this? |
|
@sandy081 lot's of security features are about preventing something, there is no cause other than making VS Code secure and trustworthy.
|
|
Wondering any extension that a malicious author publishes has the same security concerns even if the extension had code or not before? CC @alexdima |
|
@sandy081 I actually pinged Alex Dima on the first comment because this is his idea :) I should have mentioned that - sorry. |
|
We closed this issue because we don't plan to address it in the foreseeable future. If you disagree and feel that this issue is crucial: we are happy to listen and to reconsider. If you wonder what we are up to, please see our roadmap and issue reporting guidelines. Thanks for your understanding, and happy coding! |
Currently there is no difference in the extension UI if an extension is running code or has no code - like themes.
Also I believe that most of our users are unaware that extensions that they install can execute any code they want.
I think we should:
fyi @daviddossett @alexdima
The text was updated successfully, but these errors were encountered: