Comment by mjdv

2 hours ago

Until this post it wasn't clear to me that just opening and trusting a directory can cause code to be run without taking any other explicit actions that seem like they might involve running code, like running tests. My bad, but still!

What is the stated reasoning for arbitrary code execution as a feature? Seems pretty mad to me.

  • Programming projects frequently feature scripts for building and packaging said projects, those have to be run somehow.

    Bundling running those into the editor seems like the mad part to me, but I've missed the whole VSCode train so probably something I'm missing.

  • Makefiles etc. Many types of projects use arbitrary setup and build commands or can load arbitrary plugins, and unlike VS which imposes its own project format, VSC tries to be compatible with everything that people already use. Git hooks are another one.