Comment by mentalgear
17 hours ago
PS: People would be best to run your IDE Extensions in devcontainers only ... also better put VSCode in a VM as well.
The problem with all these permissions ideas: VSCode in most cases is expected to be able to push to a git repo. Many developers these days use it over the CLI for pushes and pulls.
So if it has a "minimal" set of access, it has access to a GitHub key. That's enough to do this sort of damage.
Indeed, we must make sure to scope our GH keys per repo then.