Is Microsoft <i>ever</i> going to implement proper VS Code plugin sandboxing? There are so many good extensions I would like to use, but I hate the security implications of loading yet more unvetted code for a nice-to-have.<p>Then again, I see that the top buzz in the industry is about Claws and letting LLMs run loose with only a handshake agreement to be safe, and I already know the answer.
And it's only getting worse with the waves of vibe-coders.<p>I actually wrote about this recently after poking around a popular extension that Antigravity users were installing. It's wild what people are doing with your credentials, and you'd have no idea! <a href="https://opista.com/posts/blind-trust-in-vs-code-extensions" rel="nofollow">https://opista.com/posts/blind-trust-in-vs-code-extensions</a>
The only real answer is something like web assembly and that would be a major breaking change for them.<p>This is why allot run dev containers but agreed this really should be top priority but instead is probably in the "maybe if we have a major security incident" bucket of concerns as these things often are
There's no malware in it currently, but I understand your concerns - I could be lying, go rogue later, or just get my access stolen.<p>One option is to vet a version yourself and disable auto-update, but that's not really feasible to spend time on for most people.
Doesn't seem like it. It will be stuck in a security theater situation, just like Chrome extensions. Not an upgrade from the old highly powerful firefox extensions or those of the Atom text editor.
[dead]
This is really neat - i especially like the heatmap, makes it very easy to immediately figure out what is actively being worked on, even in the regular file explorer view<p>that said, I'm not sure i plan on using it long term - as someone else pointed out, the lack of extension sandboxing does make me feel a bit uncomfortable for extensions like this that aren't backed by large entities.
Love this idea. Working with AI assistants, I find it easier to push to GitHub to look at the changes, rather than use my IDE. I wish that wasn’t the case, so this makes a ton of sense.
File explorer with a twist - instead of 5000 files of which you need to see 20, shows pending changes + files modified within a time window (pending, 3 days, 7 days, 30 days, etc.) pulled from Git history. This way you don't get lost browsing everything or lose track of your work immediately after a commit.<p>Beyond the core concept, there's also<p>- A heatmap that colors files based on recency<p>- Deleted files appear in the tree where they used to be<p>- A pinned section for files that are not recent but handy<p>- File history, diff search (pickaxe) and git log -L line/function history available from editor context menu<p>- File grouping based on the moon phase during the most recent commit (good luck finding alternative software for this)
Looks very cool, starred on github and downloaded extension :)
looks pretty cool! Ive definitely been wanting some improvement in file discovery and exploration
This is a great idea! I will give it a try!
Is there something like this integrated with Ctrl P vim?
I don't use vim so i'm not sure what you mean exactly, but if you want a file quick pick like vscode's ctrl+p but for the fresh files, that's something i have - the default binding is ctrl+q, f.