Comment by theteapot

12 hours ago

VSCode extensions and the ecosystem are a security time-bomb. Zed looks to be doing things better.

Zed literally downloads random executables and runs them by default without asking

  • What?! Really?! Link? I'm not a Zed user. That comment was based off a few minutes of research, and I guess a small dose of hopium as a VSCode user, understanding what a shit show the extensions setup is and wanting someone to do better.

    • Yep, it pulls stuff from at least npm, it’s not a secret - check the source code.

      Actually it pulls latest versions (checking registry then installing that exact version, not sure why they sidestep normal resolution algorithms) no matter what .npmrc may say, so min-release-age breaks almost everywhere it integrates with JS/TS ecosystem (most visibly, Copilot). I probably should’ve filed an issue.

      It also installs Go packages but I haven’t looked into that.

    • Copying my own comment below, with GH links and my (non-AI) summary after skimming:

      > https://github.com/zed-industries/zed/issues/7054

      > https://github.com/zed-industries/zed/issues/12589

      > TL;DR: Mix of language tooling, unsigned proprietary blobs, corrupted and/or GLIBC-dependent files, redundant copies of already-installed executables. The Node packages especially are able to run scripts on install. Personal preference aside, might also create issues with security laws, certifications. All without user consent.

      > Issues opened in January and June 2024. They've been rejected, closed, and opened a couple times since then. No changes directly improving this yet as of April 2026.

      So... If you want broad language support via LSP servers, then you're going to have to bring in other ecosystems, and Node/Typescript is a big one that doesn't always have alternatives. [0] That's not a Zed-specific problem.

      IMO the real issue with Zed is the "runs them by default without asking" part. Plus the questionable practices with binary blobs and the cavalier attitude in the discussions, when I can just use an editor that... Doesn't do any of that.

      [0] https://microsoft.github.io/language-server-protocol/impleme...
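The point above that Node packages can run scripts at install time is straightforward to audit on any machine where an editor or tool has dropped npm packages. The scanner below is an added example written for this thread, not code from Zed or from any commenter: it walks a directory tree and reports every package.json that declares an install-time lifecycle hook (preinstall, install, postinstall, prepare, prepublish), which is where install-time execution is declared in npm. The sample packages, names and commands it builds are constructed for the demo; the directory to scan is whatever path you pass on the command line.

```python
import json
import os
import sys
import tempfile
from pathlib import Path

# npm lifecycle hooks that run a shell command during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")


def find_install_scripts(root):
    """Walk `root` and return (relative package.json path, hook, command)
    for every manifest whose "scripts" section defines an install-time hook.
    Unreadable or malformed manifests are skipped rather than reported."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        pkg_path = Path(dirpath) / "package.json"
        try:
            with open(pkg_path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue
        scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
        if not isinstance(scripts, dict):
            continue
        for hook in INSTALL_HOOKS:
            cmd = scripts.get(hook)
            if isinstance(cmd, str) and cmd.strip():
                rel = pkg_path.relative_to(root).as_posix()
                findings.append((rel, hook, cmd))
    return findings


def build_sample_tree(root):
    """Constructed sample tree: one quiet package, one with a postinstall
    hook, and one with a malformed manifest to exercise the skip path."""
    base = Path(root) / "node_modules"
    quiet, noisy, broken = base / "quiet-pkg", base / "noisy-pkg", base / "broken-pkg"
    for d in (quiet, noisy, broken):
        d.mkdir(parents=True, exist_ok=True)
    (quiet / "package.json").write_text(json.dumps(
        {"name": "quiet-pkg", "version": "1.0.0",
         "scripts": {"test": "node test.js"}}), encoding="utf-8")
    (noisy / "package.json").write_text(json.dumps(
        {"name": "noisy-pkg", "version": "2.3.1",
         "scripts": {"postinstall": "node ./scripts/fetch-binary.js"}}), encoding="utf-8")
    (broken / "package.json").write_text("{ not json", encoding="utf-8")
    return root


def sample_findings():
    """Build the constructed tree in a temp dir and scan it."""
    return find_install_scripts(build_sample_tree(tempfile.mkdtemp()))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    hits = find_install_scripts(target)
    for rel, hook, cmd in hits:
        print(f"{rel}: {hook} -> {cmd}")
    print(f"{len(hits)} package(s) with install-time hooks under {target}")
```

Run it against the directory where a tool keeps its downloaded Node packages to get an inventory of which of them execute code at install time; a clean result means none of the manifests declares such a hook, not that the packages are otherwise trustworthy.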

  • Yes, this is annoying. When doing editor testing, I always also have to open the activity monitor and force quit all extra processes started by Zed.