upvote

points

by 2OEH8eoCRo06 hours ago |
comments
upvoteby cmg5 hours ago|
next
[-]
A few days ago I saw I had an update to the Twig extension. The UI flagged it as having new executable code in the update bundle, so I didn't install the update, disabled the extension as I wasn't working on Drupal views that day, and went about my work. I didn't have time to investigate the new update's contents. When I went back to the extension page, it was taken down: https://open-vsx.org/extension/whatwedo/twig

I'm not saying it was whatwedo.twig, but I'm not saying it wasn't, either.

Edit: If anyone's got a good recommendation for a twig formatter for Cursor / VS Code, please let me know.

reply
upvoteby james2doyle5 hours ago|
parent|
next
[-]
I’ve used djlint on a liquid project and it worked well. It supports twig too: https://djlint.com/docs/languages/twig/

They also have an online demo/playground so you can at least give it a shot to see if it works.

I’ve used the twiggy LSP before and there seems to be a few VS code extensions for it: https://marketplace.visualstudio.com/items?itemName=moetelo.... and https://marketplace.visualstudio.com/items?itemName=Stanisla...

reply
upvoteby nightpool5 hours ago|
parent|
prev|
[-]
I'm not seeing anything on the official marketplace: https://marketplace.visualstudio.com/items?itemName=whatwedo...

I wonder if it was open-vsx specific?

reply
upvoteby cmg3 hours ago|
parent|
[-]
That’s very possible. I switch between Cursor and VS Code, don’t remember which it was that day.
reply
upvoteby Lyrkan10 minutes ago|
parent|
[-]
I think I checked a few weeks ago and whatwedo.twig was not on OpenVSX at that time, so I'm suspecting it is a case of name-squatting.

This seems to be confirmed here: https://socket.dev/openvsx/package/whatwedo.twig/versions/1....

reply
upvoteby Atotalnoob50 minutes ago|
prev|
next
[-]
It’s nx console

https://github.com/nrwl/nx-console/security/advisories/GHSA-...

reply
upvoteby vldszn6 hours ago|
prev|
[-]
There are rumours that was NX Console VS code extension

https://github.com/nrwl/nx-console/security/advisories/GHSA-...

https://www.stepsecurity.io/blog/nx-console-vs-code-extensio...

reply
upvoteby vldszn27 minutes ago|
parent|
next
[-]
UPD: it’s confirmed now by the CEO of Nx https://x.com/jeffbcross/status/2057236396658811020?s=46&t=_...
reply
upvoteby bmandale21 minutes ago|
parent|
[-]
> One of our developers was compromised by a recent supply-chain compromise on Tanstack

...which in turn was caused by bad design of github's CI pipeline. Funny how it all comes back around like that.

reply
upvoteby raverbashing5 hours ago|
parent|
prev|
next
[-]
Sounds like another "why even bother" extension, made to automate things that shouldn't be automated
reply
upvoteby vldszn4 hours ago|
parent|
prev|
[-]
[dead]
reply