General Discussion on Workspace Trust Feature
Trusted Workspace
The trusted workspaces concept is intended to centralize and unify a security-conscious decision required by a variety of VS Code features. The easiest existing example to understand of this decision is with the ESLint extension. The ESLint extension will try to use the eslint module in the current folder that is opened in VS Code and execute code from it. Since you may have checked out a random repository from the web, this could be dangerous if the repository contains a corrupt eslint module. Notice that ESLint is not trying to be malicious, but rather, the repository/corrupt module is taking advantage of this automatic code execution.
With Trusted Workspaces, the user will be able to declare whether or not they trust the folder that is opened in VS Code before these features are executed.
Current Subscribers
Extensions
Extensions should use this guide to participate in workspace trust.
Tasks
Tasks will not execute in an untrusted workspace.
Status Bar Indication
A trusted state is indicated with a small green icon. An untrusted state is indicated with the icon and text.
Management
The following JSON editor is a stand-in for a more feature-rich editor. We intend to replace this soon.
Try it out
Enable the setting
Add "security.workspace.trust.enabled": true to your settings.json.
Issue Analytics
- State:
- Created 3 years ago
- Reactions:26
- Comments:32 (12 by maintainers)
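
The ESLint scenario from the issue description, as an added example (not code from VS Code or the ESLint extension): a Node.js loader that refuses to `require()` a module found inside the opened folder until the folder is trusted. `loadLinter`, `makeSampleWorkspace`, `demo` and the marker `__wsCodeRan` are hypothetical names, and the sample workspace is constructed.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hypothetical helper: decide whether the workspace-local eslint module may be loaded.
// `trusted` stands for the user's trust decision for the opened folder.
function loadLinter(workspaceDir, trusted) {
  const local = path.join(workspaceDir, 'node_modules', 'eslint', 'index.js');
  if (!fs.existsSync(local)) return { source: 'none', linter: null };
  if (!trusted) {
    // Untrusted: never require() anything under the workspace. Report that a
    // local module exists so the UI can explain why linting is disabled.
    return { source: 'blocked', linter: null };
  }
  // Trusted: require() runs the module's top-level code with the editor's privileges.
  return { source: 'workspace', linter: require(local) };
}

// Constructed sample workspace: its "eslint" module counts how often its
// top-level code runs, standing in for whatever a checked-out repo might ship.
function makeSampleWorkspace() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'ws-trust-'));
  const modDir = path.join(dir, 'node_modules', 'eslint');
  fs.mkdirSync(modDir, { recursive: true });
  fs.writeFileSync(
    path.join(modDir, 'index.js'),
    'globalThis.__wsCodeRan = (globalThis.__wsCodeRan || 0) + 1;\n' +
    "module.exports = { name: 'workspace-eslint' };\n"
  );
  return dir;
}

// Open the same folder untrusted, then trusted, and record when its code ran.
function demo() {
  const dir = makeSampleWorkspace();
  globalThis.__wsCodeRan = 0;
  const untrusted = loadLinter(dir, false).source;
  const ranWhileUntrusted = globalThis.__wsCodeRan;
  const trusted = loadLinter(dir, true).source;
  const ranAfterTrust = globalThis.__wsCodeRan;
  fs.rmSync(dir, { recursive: true, force: true });
  return { untrusted, ranWhileUntrusted, trusted, ranAfterTrust };
}

console.log(demo());
```

The gate sits before `require()`, not after it: once the module has been loaded, its top-level code has already executed and a later trust check cannot undo that.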
Top GitHub Comments
I think extensions having to opt-out of working in non-trusted workspaces is the wrong approach. It will do nothing for unmaintained extensions and extensions for which the author did not know about the trusted workspaces concept. This will likely give the user a false sense of security. Instead I think extensions should opt-in to working in non-trusted workspaces. While this will require more effort on the end of extension authors, which admittedly may make this impractical, it should drastically reduce the amount of extensions working in non-trusted workspaces that should only be exposed to trusted workspaces.
Can there be an option to just not ‘trust’ any workspace as a default, or maybe the pop up dialog can have a ‘don’t trust, stop asking me, and continue’ option and stop prompting me each time I open a new subdir in a given workspace? It’s quite annoying the way it’s working at the moment. I’ve been prompted multiple times on this 1 project workspace today already… perhaps this is unintended behaviour?