If you don't have the ability to police extensions you're basically putting your users up for sale?

joshuaissac 6 hours ago | parent | next [-]

But they support extensions on desktop.

The problem you linked to also happened on desktop because there is no VSCode for phones.

atraac 6 hours ago | parent | prev | next [-]

Your users don't have to use those extensions, so I don't understand how that's relevant? People who do, should be made aware of risks and that's it. This is not a good argument against taking away their option to have that customization.

▲

hvb2 5 hours ago | parent [-]

I'm having a hard time finding a thread where people don't complain about npm when the real issue is packages being compromised.

Swap packages for extensions in the above and let me know how that's different

	▲	ThunderSizzle 3 hours ago \| parent [-]
		But what's your argument? That phone-based extensions are more vulnerable somehow than desktop extensions? If anything, wouldn't a phone extension be more sandboxed than most desktop environments?

▲

eviks 6 hours ago | parent | prev | next [-]

No, if that were true, there would be no extension support on non-mobile

▲

zerr 4 hours ago | parent | prev [-]

They can add support for Chrome and Edge extensions marketplaces.