undefined | Better HN

0 pointsmhd1y ago0 comments

> Not clicking yes for every language server.

How many language servers are we talking about here for the average dev? Three?

0 comments

theultdev1y ago

Yes, but you would have it for each time you opened a new workspace.

The only point of this would be if you didn't want to download the language server for untrusted code.

I think what people really want is workspace location permissions...

Ygg21y ago

Wait, what. Why should you keep downloading Node per workspace? If you have one installed already?

theultdev1y ago

Not downloading, but enabling. The downloading of Node isn't really the issue that people are trying to make it.

The real problem is "running" the language server on untrusted code. That's where there should be a confirm dialog.

But it's a separate issue about workspace permissions.

That's the only vulnerability here and it exists on at least one some level in all editors in language servers. (VSCode's workspace permissions aren't that secure)

j / k navigate · click thread line to collapse

0 comments

theultdev1y ago

Yes, but you would have it for each time you opened a new workspace.

The only point of this would be if you didn't want to download the language server for untrusted code.

I think what people really want is workspace location permissions...

Ygg21y ago

Wait, what. Why should you keep downloading Node per workspace? If you have one installed already?

theultdev1y ago

Not downloading, but enabling. The downloading of Node isn't really the issue that people are trying to make it.

The real problem is "running" the language server on untrusted code. That's where there should be a confirm dialog.

But it's a separate issue about workspace permissions.

That's the only vulnerability here and it exists on at least one some level in all editors in language servers. (VSCode's workspace permissions aren't that secure)

j / k navigate · click thread line to collapse