upvote

points

by 3eb7988a16635 hours ago |
comments
upvoteby StrangeSound1 hours ago|
next
[-]
And it's only getting worse with the waves of vibe-coders.

I actually wrote about this recently after poking around a popular extension that Antigravity users were installing. It's wild what people are doing with your credentials, and you'd have no idea! https://opista.com/posts/blind-trust-in-vs-code-extensions

reply
upvoteby dawnerd1 hours ago|
parent|
[-]
I got in an argument with someone the other day that said their vibe coded app was more secure than something hand written because the ai “knows all exploits”.

We’re cooked.

reply
upvoteby christoph-heiss1 hours ago|
parent|
[-]
That's why any repo with a README ridden with emojis (and other telltale signs) is just an instant nope nowadays.

(One of the only good things about GH is, that if you block some account, it will tell you if that account contributed to some repo at the top. Makes it very easy to filter out slopcode.)

reply
upvoteby MantisShrimp905 hours ago|
prev|
next
[-]
The only real answer is something like web assembly and that would be a major breaking change for them.

This is why allot run dev containers but agreed this really should be top priority but instead is probably in the "maybe if we have a major security incident" bucket of concerns as these things often are

reply
upvoteby frehu5 hours ago|
prev|
next
[-]
There's no malware in it currently, but I understand your concerns - I could be lying, go rogue later, or just get my access stolen.

One option is to vet a version yourself and disable auto-update, but that's not really feasible to spend time on for most people.

reply
upvoteby 3eb7988a16635 hours ago|
parent|
[-]
Sorry, no sleight intended against you, just a general concern as more and more cool utilities keep getting built into the platform.
reply
upvoteby frehu5 hours ago|
parent|
[-]
No offense taken, you actually made me reconsider trying out random extensions that sound like mine to make sure i'm not reinventing the wheel
reply
upvoteby benatkin5 hours ago|
prev|
next
[-]
Doesn't seem like it. It will be stuck in a security theater situation, just like Chrome extensions. Not an upgrade from the old highly powerful firefox extensions or those of the Atom text editor.
reply
upvoteby frehu4 hours ago|
prev|
[-]
[dead]
reply