Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A good day not to be using Electronjs trash.


Electron has nothing to do with the exploit here. A Vim plugin would have just as much ability to run malware.


No one using vim will install the kind of extensions I found on the usual VS Code setup. And most don't even autoupdates.


I’m not sure this is true. Vim needs extensions even more than VS code since many basic features like full project code search or go to definition aren’t in the base vim.

And vim has package managers that make installing and updating packages as easy as vs code.

VS Code like npm are only the targets because they are the most popular, not because they are uniquely vulnerable.


> full project code search

grep

> go to definition

/definition

Not even using vim, I'm more of a micro person.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: