Issue #100 (VS Code Extension Signing)03/20/24
Techpresso: Get Smarter About AI and Tech in 5 mins
Receive a daily summary of the most important AI and Tech news, carefully selected from 60+ media outlets.
Also includes a good dose of tech tools and programming-related apps and resources. Join 30,000+ professionals from OpenAI, Meta, Google, Microsoft, Hugging Face, JP Morgan, and more.
|
|
|
If you're concerned about the safety and security of VS Code extensions, the VS Code team took a step in the right direction back in 2022, when they announced something called VS Marketplace extension signing.
To quote directly from the update documentation where this was introduced:
"Every extension uploaded to the Visual Studio Marketplace starting from November 2022 is code signed by the VS Marketplace. When a user installs a signed extension through VS Code's Extensions view, VS Code will verify the signature, and thus prove that the extension is indeed coming from the VS Marketplace and that the extension package has not been modified. If the signature verification fails, VS Code will not install the extension."
They also went on to explain that all extensions in the Marketplace would progressively be signed, including ones that were last updated prior to November 2022. Naturally, this isn't a perfect solution for extension security, but it's a simple guarantee that the extensions you install are coming directly from the Marketplace, unaltered.
The post also explains that extension authors don't have to do anything different to have their extensions signed. This is now done automatically. But on a related note, they also stated that "publisher signing" was in the works and you can read a discussion on the topic in this VS Code discussions thread on GitHub.
As a final related side point: Yes, there is a GitHub repository, managed by Microsoft, dedicated to Visual Studio Code Community Discussions. This repo seems to be specifically for discussions about extension development. It's new to me too, so I'll be checking that out to see if there's anything interesting to share from there in future issues.
Now on to this week's hand-picked links!
|
|
VS Code Tools
|
OutlinePlus — A VS Code extension that improves on VS Code's outline feature, allowing you to search in outline view by variable and function names directly, track symbols, and improve navigation in large projects.
Tailwind Skeleton Generator — A VS Code extension for Skeleton Generator, to easily convert Tailwind + HTML (JSX/TSX) into animated loaders (i.e. "loading skeletons"), ensuring a seamless user experience as content loads.
Stay Alert with UptimeRobot — Join a community of over 2 million users and set up uptime monitoring for your website, server, port, SSL certificates, domain or response time and sit back and relax. UptimeRobot will send you instant alerts when your attention is needed. Sponsor
Bongo Cat Buddy — A fun-only VS Code extension that creates an animated 'bongo cat' to that types along with you as you write code in your editor.
VS Code Theme of the Week
|
Dukana — This is a relatively new theme that adds a royalty-inspired color scheme to VS Code's UI and syntax highlighting, amounting to yet another theme that uses purples liberally.
The package includes a single theme, so there are no alternates, but the extension page shows example screenshots in different code languages. While the colors are heavily on the purple and pink side, you may end up liking it for the excellent contrast.
|
|
|
|
VS Code Articles & Videos
|
|
|
Best of the Rest
|
Introducing CodeSandbox CDE — The CodeSandbox team recently announced Cloud Development Environments for their platform, making coding in the cloud available to all and helping teams improve collaboration.
inshellisense — IDE-style autocomplete for shells. A terminal native runtime for autocomplete which has support for 600+ command line tools and available for Windows, Linux, and macOS.
monday.com — Step into the future of work management, where efficiency isn't a goal; it's a given. From startups to industry giants, monday.com has transformed how teams work. Why not let your team be the next success story? Start your free trial today. Sponsor
termim.nvim — A Neovim plugin to improve your default Neovim terminal experience, keeping it super simple.
If you have any link suggestions, including a tool, article, or other resources related to VS Code or another IDE, send it via DM on X: @LouisLazaris or just hit reply on this email.
That's it for this issue.
Happy VS Coding!
Louis
VSCode.Email
@LouisLazaris
|
|
|