Comment by jhancock
4 hours ago
In VS Code settings search for "tasks" you will find "Task: Allow Automatic Tasks"...turn it off.
Anything else that should be locked down?
4 hours ago
In VS Code settings search for "tasks" you will find "Task: Allow Automatic Tasks"...turn it off.
Anything else that should be locked down?
Don't mark the folder as trusted when you open in VsCode. The number of other hooks that may exist is going to be hard to track down (especially because each addon may add their own).
This may only provide a flalse sense of security. Afaik, there is no way to disable workspace settings taking priority over user settings, so a malious repo can easily override them and reenable automatic tasks.
Even if you lock everything now, what if the thing autoupdates with new helpful "features". You can't patch bad development culture.
Unrestricted outbound connections, specially from curl/wget/bash
Sounds like autorun on usb drives all over again. They cant learn
Yes, uninstall the whole thing. It's just a Chromium covered with a bunch of JavaScript.