Issue #175 (Safeguarding VS Code Against Prompt Injections)08/27/25
6 Days of Hands-On Visual Studio Training in Orlando
Take your coding skills to the next level at Visual Studio Live! Orlando, part of Live! 360 Tech Con, November 16–21, 2025. Across 6 days, dive deep into Visual Studio, .NET, C#, Azure, Blazor, and more with real-world guidance from Microsoft experts and industry leaders.
Whether you’re building web apps, enterprise solutions, or modern cloud-based services, you’ll leave with practical skills you can apply immediately.
|
Special Offer: Save $500 off standard pricing when you register with code VSCODE. Don’t miss your chance to level up your dev career.
|
|
You're probably familiar with the different cursor-related editing modes available in VS Code and other popular text editors. For example, multi-cursor mode and the often overlooked box select (or column select).
Box select allows you to drag your cursor over a box, or column, in your code so you can easily edit a vertical portion of code that spans multiple lines. You can enable box select with SHIFT + ALT/OPT while dragging with your mouse.
But sometimes you may want to do multi-cursor select depending on a specific pattern that's repeated in your code, which would be too tedious to do manually. Let's say you have the following JSON:
|
[
{ "id": 1, "name": "Alice" },
{ "id": 2, "name": "Bob" },
{ "id": 3, "name": "Charlie" },
{ "id": 4, "name": "Diana" }
]
|
If you want to add the same property/value pair to the end of each of those JSON objects, you could do it quickly using a regular expression trick. Follow these steps:
- In your file, open the "find" box (CTRL/CMD-F)
- Enable regex mode using the button marked with .*
- Search for \}
- Hit ALT/OPT+ENTER
This will insert a cursor immediately following every closing curly brace (which is what the regex matches). From there you simply have to move the cursors over so they insert before the curly brace and you can then enter your new repeated object.
The last step is the trigger, because it adds the cursors in those exact spots matched by the regular expression. From there, you just edit as usual in multi-select mode.
The example above uses a short JSON snippet, but this is a neat trick to keep in mind if you need a not-so-easy multi-select edit that might span many lines. And of course, you may have to adjust the regex if the JSON has nested objects, but you get the gist of it.
Now on to this week's hand-picked links!
|
|
|
VS Code Tools
|
Ultracite — A fast, intuitive and simple development tool, built on top of Biome, that brings automated code formatting and linting to your JS/TS projects, and can generate rules files for most popular IDEs and agents.
Camouflage — A VS Code extension that helps protect sensitive environment variables by hiding their values in .env files, useful for screen sharing, recordings, taking screenshots, etc.
6 Days of Hands-On Visual Studio Training in Orlando — Join Visual Studio Live! Orlando, Nov 16–21, 2025, for 6 days of hands-on .NET, C#, Azure, and Blazor training. Save $500 with code VSCODE – register now! Sponsor
Command Cycle — A VS Code extension that enables the repeated execution of a user-defined sequence of commands, configured within your keybindings.json file, providing a customizable workflow.
TM Runner — A VS Code extension that adds a "run" button in .md or .tm files (for Markdown) allowing you to run commands inside those files.
|
VS Code Theme of the Week
|
Plastic — This is the definition of a theme that stays out of your way. If you like simple dark themes that aren't too flashy, this is a good choice.
Interestingly, the only variation of the theme included in the extension is one called "Plastic - deprioritised punctuation", which adds a darker color to all punctuation marks, if you prefer that slight change in the syntax highlighting.
|
|
|
| |
|
|
VS Code Articles & Videos
|
Safeguarding VS Code Against Prompt Injections — The GitHub blog looks at vulnerabilities in Copilot Chat that could allow attackers to leak GitHub tokens, access sensitive files, or execute arbitrary code without user confirmation, followed by some ways to mitigate the risk and increase security.
📺 More Features of Vue's VS Code Extension — A video rundown by Alexander Lichter on some of the features of the official Vue VS Code extension, including inlay hints, drag & drop, reactivity visualization, etc.
The Morning Paper for Tech — Want a byte-sized version of Hacker News that takes just a few minutes to read? Try TLDR's free daily newsletter. It covers the most interesting tech, startup, and programming stories in just 5 minutes. No sports and no politics. Sponsor
Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VS Code Fork; Putting Millions at Risk — A write-up on a recent vulnerability discovery. But to put your mind at ease, this article was published after the bug was reported and fixed (see the timeline at the end of the piece).
|
|
|
Best of the Rest
|
Warp — An agentic development environment for Mac, Linux, and Windows, tha's customizable and enables you to write and ship code quickly with multi-agent management and a Drive feature for team collaboration.
Claude Powerline — A Vim-style powerline statusline for Claude Code with real-time usage tracking, Git integration, and custom themes.
Tech Productivity — One of my other weekly newsletters, a brief one sent every Monday that features tips, tools, apps, and articles on productivity, focus, work culture, and more, mostly in the tech industry. Sponsor
Awesome GitHub Copilot Customizations — A curated collection of prompts, instructions, and chat modes to supercharge your GitHub Copilot experience across different domains, languages, and use cases.
If you have any link suggestions, including a tool, article, or other resource related to VS Code or another IDE, you can hit reply, send it via DM on X, or via chat on Bluesky.
That's it for this issue.
Happy VS Coding!
Louis
VSCode.Email
@LouisLazaris
|
|
|
