I would love if some experts could comment on the security profile of this. It s... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		0cf8612b2e1e 7 months ago \| parent \| context \| favorite \| on: Malicious versions of Nx and some supporting plugi... I would love if some experts could comment on the security profile of this. It sounds like it should be fine, but there are so many gotchas with everything that I use full VMs for development. One immediate stumbling block- the IDE would be running in my host, which has access to everything. A malicious IDE plugin is a too real potential vector.

evertheylen 7 months ago | [–]

I actually run code-server (derivative of VSCode) inside the container! But I agree that there can be many gotchas, which is why I try to collect as much feedback as possible.

christophilus 7 months ago | [–]

I run the ide (neovim) in the container along with npm, cargo, my dev / test databases, etc. It’s a complete environment (for me).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact