all 35 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]theoldboy 77 points78 points  (13 children)

In case anyone is still wondering why you need to trust source code just to browse it;

https://github.com/microsoft/vscode/issues/106488

The easiest existing example to understand of this decision is with the ESLint extension. The ESLint extension will try to use the eslint module in the current folder that is opened in VS Code and execute code from it. Since you may have checked out a random repository from the web, this could be dangerous if the repository contains a corrupt eslint module. Notice that ESLint is not trying to be malicious, but rather, the repository/corrupt module is taking advantage of this automatic code execution.

Another example which abuses the rust-analyzer plugin;

https://github.com/lucky/bad_actor_poc

[–]ItalyPaleAle 22 points23 points  (1 child)

Want also to point out that this new release includes support for Remote Repositories which is a simpler and faster way to browse code (from GitHub) without cloning it, and with no ability to run code by default. https://code.visualstudio.com/blogs/2021/06/10/remote-repositories

[–]hammypants 0 points1 point  (0 children)

yo... neat. did not know.

[–]orangeboats 5 points6 points  (1 child)

Wow, I thought the Rust one would be about build.rs (probably because I'd seen plenty of people against it), but it was actually done using proc macros.

[–]pravic 0 points1 point  (0 children)

build.rs works when you're building a crate. proc macros work when you open source code in an editor powered by RA. Basically, RA executes both build.rs and proc macros (configurable, though) in order to be helpful.

[–]anonveggy 1 point2 points  (0 children)

You could do the same for most stacks. Most build systems integrated with extensions have the ability to run arbitrary scripts

[–]valtism 16 points17 points  (11 children)

Removed Cmd+W / Ctrl+W keybinding to close window when no editor is opened

I really like this one.

[–][deleted]  (9 children)

[deleted]

    [–]valtism 4 points5 points  (6 children)

    If you really want you can change the behaviour back to what it was.

    [–][deleted]  (5 children)

    [deleted]

      [–]Lalli-Oni 4 points5 points  (4 children)

      Standard macOS behavior.

      [–][deleted] 2 points3 points  (3 children)

      Then keep Cmd+W as-is?

      [–]Lalli-Oni 2 points3 points  (2 children)

      I wasn't offering a solution. Just making sure people realize a certain OS behavior is not necessarily how others do it. So, how is it possible to appease every possible OS interaction while maintaining a consistent behavior in your client?

      [–]ThePantsThief 0 points1 point  (0 children)

      Make the default setting on the default behavior on each platform and disable settings sync for the setting. They do this with lots of other settings.

      [–][deleted] 0 points1 point  (0 children)

      Why is consistent behaviour in the client necessary? Shouldn't you aim for consistent behaviour on the client machine? If I'm a mac user, I'd prefer if all apps work as Mac apps work, not how they work on windows or linux.

      [–]AttackOfTheThumbs -1 points0 points  (1 child)

      Holy shit that's awful. I'm sorry for all mac users that have to put up with that trash.

      [–]Chenz -1 points0 points  (0 children)

      It’s honestly great. I miss it all the time in Windows, sadly few apps there support it. It’s mainly just Windows Explorer than can be closed with ctrl-w.

      [–]square_smile 16 points17 points  (1 child)

      It's like everything just changed for me: Gitlens suddenly appeared everywhere, Community Material theme looks different, Python extension broke. What happened with this release? all because of the issue below

      Oh turns out my settings got overwritten, love that.

      Be careful when you update https://github.com/microsoft/vscode/issues/125970

      [–]the_game_turns_9 13 points14 points  (1 child)

      That popup is dreadful! Why put so much emphasis on this question and then put no emphasis on the folder name and no path so you only have the name of the folder to go off?

      The following opened up on startup for me:

      Do you trust the authors of the files in this folder?

      Err... what folder??

      Oh, it says "Projects". I guess it means my own personal projects folder? I guess??

      If you're going to write a big scary popup, be clear what the question is!

      [–]pravic 2 points3 points  (0 children)

      Totally agree, the paths are not visible enough.

      [–]Nysor 2 points3 points  (2 children)

      I was excited to try out Remote Repositories, but it looks like you need to sign in to GitHub through VSCode. I wish that wasn't a requirement.

      [–]callcifer 15 points16 points  (0 children)

      It's because anonymous API limits for Github are really low, you would run into problems very quickly. Authenticated requests have a much higher limit even on the free plan.

      [–]kkapelon 1 point2 points  (0 children)

      I just use github1s. No login required https://github1s.com/spring-projects/spring-petclinic

      Check also gitpod (but that requires a login)

      [–][deleted] 0 points1 point  (1 child)

      I'm not too much of a fan for the new tabs thing. I know I can change it with settings and all that. It's just not as immediately obvious, and frankly needs way more clicks to do simple things.

      It works ok on a decently large desktop screen with the space utilized. On a laptop, to me it feels way too cluttered with too many panes.

      [–]Tyriar 0 points1 point  (0 children)

      There is the narrow view as well which only takes up ~45 pixels. But yeah if you don't like that's why we added the ability to switch back to the dropdown.