VS Code Remote Editing: Full-Scale Invasion or Convenient Development?
2025-02-08

This post discusses the security implications of VS Code's remote editing feature. VS Code offers remote editing similar to Emacs's Tramp, but the two differ significantly. Instead of a lightweight connection, VS Code downloads an agent that runs a Node.js program on the remote server. That agent has extensive access: it can navigate the filesystem, edit files, launch shell processes, and persist itself. The author argues this approach is overly 'invasive' and poses security risks, especially on development or production servers. The author's team found a workaround, but the post serves as a cautionary tale about the potential vulnerabilities.
(fly.io)
Development
Remote Editing