Comment on VS Code’s Token Security: Keeping Your Secrets… Not So Secretly
excel@lemmy.megumin.org 1 year ago
So what? Malicious extensions can do anything. Don’t run untrusted code on any computer you care about, ever. This is true for any IDE extension, any NPM package, any mod pack, etc.
doppelgangmember@lemmy.world 1 year ago
JS devs sweating over their spiderweb of NPM libraries