Trusted Workspace

The trusted workspaces concept is intended to centralize and unify a security conscious decision required by a variety of VS Code features. The easiest existing example to understand of this decision is with the ESLint extension. The ESLint extension will try to use the eslint module in the current folder that is opened in VS Code and execute code from it. Since you may have checked out a random repository from the web, this could be dangerous if the repository contains a corrupt eslint module. Notice that ESLint is not trying to be malicious, but rather, the repository/corrupt module is taking advantage of this automatic code execution.

With Trusted Workspaces, the user will be able to declare whether or not they trust the folder that is opened in VS Code before these features are executed.

Current Subscribers

Extensions

Extensions should use this guide to participate in workspace trust.

Tasks

Tasks will not execute in an untrusted workspace.

Status Bar Indication

A trusted state is indicated with a small green icon. An untrusted state is indicated with the icon and text.

Management

The following json editor is a stand-in for a more feature-rich editor. We intend to replace this soon.

Try it out

Enable the setting

Add "security.workspace.trust.enabled": true to your settings.json.