Block Extension Access to Sensitive Files in the Project #235526
Labels
extensions
Issues concerning extensions
feature-request
Request for new features or functionality
file-io
File I/O
Milestone
Comments
|
extensions can modify the settings file |
bpasero
added
feature-request
|
This feature request is now a candidate for our backlog. The community has 60 days to upvote the issue. If it receives 20 upvotes we will move it to our backlog. If not, we will close it. To learn more about how we handle feature requests, please see our documentation. Happy Coding! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
related to #52116
Currently, VSCode extensions have access to all files within a project by default. This poses a potential security risk, as projects may include files containing sensitive information, such as .env files.
To enhance security, it would be valuable to allow developers to explicitly mark certain files or patterns as sensitive in .vscode/settings.json. Files marked as sensitive would remain invisible to all third-party code, including extensions.
Proposed Feature:
Introduce a files.sensitive setting in the workspace configuration to define sensitive files. Example:
{ "files.sensitive": { "**/.env": true } }This feature would:
The text was updated successfully, but these errors were encountered: