Issue #100  (VS Code Extension Signing)03/20/24

Advertisement
Techpresso: Get Smarter About AI and Tech in 5 mins

Receive a daily summary of the most important AI and Tech news, carefully selected from 60+ media outlets.

Techpresso

Also includes a good dose of tech tools and programming-related apps and resources. Join 30,000+ professionals from OpenAI, Meta, Google, Microsoft, Hugging Face, JP Morgan, and more.


If you're concerned about the safety and security of VS Code extensions, the VS Code team took a step in the right direction back in 2022, when they announced something called VS Marketplace extension signing.

To quote directly from the update documentation where this was introduced:
 
"Every extension uploaded to the Visual Studio Marketplace starting from November 2022 is code signed by the VS Marketplace. When a user installs a signed extension through VS Code's Extensions view, VS Code will verify the signature, and thus prove that the extension is indeed coming from the VS Marketplace and that the extension package has not been modified. If the signature verification fails, VS Code will not install the extension."

They also went on to explain that all extensions in the Marketplace would progressively be signed, including ones that were last updated prior to November 2022. Naturally, this isn't a perfect solution for extension security, but it's a simple guarantee that the extensions you install are coming directly from the Marketplace, unaltered.

The post also explains that extension authors don't have to do anything different to have their extensions signed. This is now done automatically. But on a related note, they also stated that "publisher signing" was in the works and you can read a discussion on the topic in this VS Code discussions thread on GitHub.
 
VS Code Discussions Repo

As a final related side point: Yes, there is a GitHub repository, managed by Microsoft, dedicated to Visual Studio Code Community Discussions. This repo seems to be specifically for discussions about extension development. It's new to me too, so I'll be checking that out to see if there's anything interesting to share from there in future issues.

Now on to this week's hand-picked links!
 

VS Code Tools

OutlinePlus — A VS Code extension that improves on VS Code's outline feature, allowing you to search in outline view by variable and function names directly, track symbols, and improve navigation in large projects.

Tailwind Skeleton Generator — A VS Code extension for Skeleton Generator, to easily convert Tailwind + HTML (JSX/TSX) into animated loaders (i.e. "loading skeletons"), ensuring a seamless user experience as content loads.

Stay Alert with UptimeRobot — Join a community of over 2 million users and set up uptime monitoring for your website, server, port, SSL certificates, domain or response time and sit back and relax. UptimeRobot will send you instant alerts when your attention is needed.   Sponsor 

Bongo Cat Buddy — A fun-only VS Code extension that creates an animated 'bongo cat' to that types along with you as you write code in your editor.


VS Code Theme of the Week

Dukana — This is a relatively new theme that adds a royalty-inspired color scheme to VS Code's UI and syntax highlighting, amounting to yet another theme that uses purples liberally.

Dukana Theme for VS Code

The package includes a single theme, so there are no alternates, but the extension page shows example screenshots in different code languages. While the colors are heavily on the purple and pink side, you may end up liking it for the excellent contrast.

VS Code Articles & Videos

📺 Using VS Code on an Apple Vision Pro — YouTube video covering how to use VS Code on Apple's mixed-reality headset, looking at three methods: A virtual screen on a Mac, VS Code on the web in Safari, and using a remote tunnel.

Mastering the Art of Debugging in Docker Containers with VS Code — A short post with a quick bullet list of tips on debugging Node.js in Docker using VS Code.

How To Prevent VS Code From Opening New Files in the Same Tab — This is an old but popular Stack Overflow thread on a problem that can be fixed by changing a single setting in VS Code.

The Morning Paper for Tech — Want a byte-sized version of Hacker News that takes just a few minutes to read? Try TLDR's free daily newsletter. It covers the most interesting tech, startup, and programming stories in just 5 minutes. No sports and no politics.  Sponsor 

Best of the Rest

Introducing CodeSandbox CDE — The CodeSandbox team recently announced Cloud Development Environments for their platform, making coding in the cloud available to all and helping teams improve collaboration.

inshellisense — IDE-style autocomplete for shells. A terminal native runtime for autocomplete which has support for 600+ command line tools and available for Windows, Linux, and macOS.

monday.com — Step into the future of work management, where efficiency isn't a goal; it's a given. From startups to industry giants, monday.com has transformed how teams work. Why not let your team be the next success story? Start your free trial today.  Sponsor 

termim.nvim — A Neovim plugin to improve your default Neovim terminal experience, keeping it super simple.

Suggestions?

If you have any link suggestions, including a tool, article, or other resources related to VS Code or another IDE, send it via DM on X: @LouisLazaris or just hit reply on this email.

That's it for this issue.

Happy VS Coding!
Louis
VSCode.Email
@LouisLazaris
Copyright © VSCode.Email. All rights reserved.

Not affiliated with Microsoft, Visual Studio Code, or any of its trademarks.