Is Microsoft ever going to implement proper VS Code plugin sandboxing? There are so many good extensions I would like to use, but I hate the security implications of loading yet more unvetted code for a nice-to-have.
Then again, I see that the top buzz in the industry is about Claws and letting LLMs run loose with only a handshake agreement to be safe, and I already know the answer.
MantisShrimp90 3 hours ago [-]
The only real answer is something like web assembly and that would be a major breaking change for them.
This is why allot run dev containers but agreed this really should be top priority but instead is probably in the "maybe if we have a major security incident" bucket of concerns as these things often are
frehu 3 hours ago [-]
There's no malware in it currently, but I understand your concerns - I could be lying, go rogue later, or just get my access stolen.
One option is to vet a version yourself and disable auto-update, but that's not really feasible to spend time on for most people.
3eb7988a1663 3 hours ago [-]
Sorry, no sleight intended against you, just a general concern as more and more cool utilities keep getting built into the platform.
frehu 3 hours ago [-]
No offense taken, you actually made me reconsider trying out random extensions that sound like mine to make sure i'm not reinventing the wheel
benatkin 3 hours ago [-]
Doesn't seem like it. It will be stuck in a security theater situation, just like Chrome extensions. Not an upgrade from the old highly powerful firefox extensions or those of the Atom text editor.
frehu 2 hours ago [-]
[dead]
helle253 3 hours ago [-]
This is really neat - i especially like the heatmap, makes it very easy to immediately figure out what is actively being worked on, even in the regular file explorer view
that said, I'm not sure i plan on using it long term - as someone else pointed out, the lack of extension sandboxing does make me feel a bit uncomfortable for extensions like this that aren't backed by large entities.
timfsu 3 hours ago [-]
Love this idea. Working with AI assistants, I find it easier to push to GitHub to look at the changes, rather than use my IDE. I wish that wasn’t the case, so this makes a ton of sense.
vldszn 1 hours ago [-]
Looks very cool, starred on github and downloaded extension :)
frehu 4 hours ago [-]
File explorer with a twist - instead of 5000 files of which you need to see 20, shows pending changes + files modified within a time window (pending, 3 days, 7 days, 30 days, etc.) pulled from Git history. This way you don't get lost browsing everything or lose track of your work immediately after a commit.
Beyond the core concept, there's also
- A heatmap that colors files based on recency
- Deleted files appear in the tree where they used to be
- A pinned section for files that are not recent but handy
- File history, diff search (pickaxe) and git log -L line/function history available from editor context menu
- File grouping based on the moon phase during the most recent commit (good luck finding alternative software for this)
banku_brougham 4 hours ago [-]
looks pretty cool! Ive definitely been wanting some improvement in file discovery and exploration
aquir 3 hours ago [-]
This is a great idea! I will give it a try!
brcmthrowaway 3 hours ago [-]
Is there something like this integrated with Ctrl P vim?
frehu 2 hours ago [-]
I don't use vim so i'm not sure what you mean exactly, but if you want a file quick pick like vscode's ctrl+p but for the fresh files, that's something i have - the default binding is ctrl+q, f.
Rendered at 22:16:04 GMT+0000 (Coordinated Universal Time) with Vercel.
Then again, I see that the top buzz in the industry is about Claws and letting LLMs run loose with only a handshake agreement to be safe, and I already know the answer.
This is why allot run dev containers but agreed this really should be top priority but instead is probably in the "maybe if we have a major security incident" bucket of concerns as these things often are
One option is to vet a version yourself and disable auto-update, but that's not really feasible to spend time on for most people.
that said, I'm not sure i plan on using it long term - as someone else pointed out, the lack of extension sandboxing does make me feel a bit uncomfortable for extensions like this that aren't backed by large entities.
Beyond the core concept, there's also
- A heatmap that colors files based on recency
- Deleted files appear in the tree where they used to be
- A pinned section for files that are not recent but handy
- File history, diff search (pickaxe) and git log -L line/function history available from editor context menu
- File grouping based on the moon phase during the most recent commit (good luck finding alternative software for this)