![www.scmagazine.com](https://files.scmagazine.com/wp-content/uploads/2024/06/AdobeStock_430394938_Editorial_Use_Only.jpg)
VSCode extensions with malicious code installed 229M times
Researchers issued an open letter to Microsoft requesting better security for its IDE marketplace.
Visual Studio Code is the perfect tool to ascertain which of your colleagues would jump off a cliff, just because Microsoft told them too.
I think people should be more honest to themselves. There is no-way in hell they would use this unportable mess of a text editor if it wasn't Microsoft branded. They didn't when it was originally GitHub Atom for example.
Well that's incredibly naive. I have used vscodium with the official marketplace for years.Visual Studio Code is the perfect tool to ascertain which of your colleagues would jump off a cliff, just because Microsoft told them too.
I think people should be more honest to themselves. There is no-way in hell they would use this unportable mess of a text editor if it wasn't Microsoft branded. They didn't when it was originally GitHub Atom for example.
I think maybe you should try vscode for that reason. Even though it's much more versatile than other IDE's it is setup quite fine out of the box.Hopefully not off topic, but I've never found an IDE that I was comfortable with. I can switch between vi and emacs without missing a beat, tags/ctags/etags are wonderful, but getting an IDE up and running takes too much effort for me. I've tried a bunch; and when working on code that is in a SCM system like git, so many pauses as things happen automatically in the background.
Those are all reasons I've never even thought about vscode
Got any links to Vim or Emacs packages that contain malware?As for the security concerns, this isn't specific to the vscode marketplace at all. Emacs and Vim packages can also contain malware, these editors just see much fewer use nowadays.
The fact that there are none known currently doesn't mean they can't or won't exist. [1]Got any links to Vim or Emacs packages that contain malware?
No it isn't. People have been jumping off cliffs for years. VSCode(ium) is just the current branded cliff.Well that's incredibly naive. I have used vscodium with the official marketplace for years.
These are the same guys who stated the years before that Microsoft Visual Studio was best because it is fully integrated with the compiler without plugins. Only to jump to Microsoft's VSCode because "it supports plugins" and "is no longer integrated with a single vendors compiler". Bunch of clowns.Among professional developers, 74% makes use of vscode. That's just the reality of modern software development.
Honestly, you are truely the minority there! Most people have not even heard of Atom.I did use it back when it was Atom
I imagine you have a backup editor for every time the VSCode package breaks?Time to bite the bullet and learn how to customize Emacs the way I like editors to look and work.
I think zed is interesting, but it also comes at 155% the installed size of vscode and I don't care that much for it's performance improvements (vscode is already surprisingly fast).I am happy with nvi (& acme) but vscode users may want to try out the zed editor -- even has vim bindings. Written by the people who wrote Atom. I tried it out on a mac and seems quite zippy. There is work in progress for linux, windows and web versions. See https://github.com/zed-industries/zed
Oh they are. Many just don't feel the need to cram them into the text editor. For example the standard Java debugger (jdb) is a command line program and you can interface with it in the same way as gdb/lldb.These tools might not be required for your work but they sometimes are for us.
I'm a vim fan, emacs drives me nuts.I respect those who stick solely to vim or emacs, but those tools really can't suit everyone.
They want you to be a "windows ready" programmer. If you know their editor, you can sit down at an MS O/S and start typing. And they had to think of something to soak up the power of all those latest chips ( https://www.notebookcheck.net/Lenov...eplaces-the-ThinkPad-X1-Extreme.760877.0.html ) so "we may as well bloat out the IDE, we already made Paint3d as big as we possibly could". Think of your time running VSC on linux/bsd as your initial windows training. Yeah, I know, I'm a dinosaur...People seem to forget that VSCode is made by Microsoft for Microsoft and its products. Anyone else is an afterthought or a marketing attempt to drag you into their universe.
That does not make sense to me. I have a workflow that works fine for me: edit in this window, grep in that window, make in the other, run/debugger in another if needed.I think maybe you should try vscode for that reason. Even though it's much more versatile than other IDE's it is setup quite fine out of the box.
What do you mean, if vscode can emulate the emacs keymappings? There are some extensions that do stuff like that.Can this thing be configured to use Emacs key combinations in text fields?