Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yes, whenever I’m reading untrusted code, I don’t want to be using a language server - most of them execute arbitrary code, and I do not want that.


That’s a completely separate concern, it’s not like a new language server is downloaded for each file you open. I don’t know if Zed has a “safe mode” like some other editors, if it doesn’t you should ask for that instead. Unless of course you never open untrusted files in a language you’re familiar with, which would make you extremely peculiar.


No, but one would be downloaded the first time I'm opening some NPM backdoorfest.


Open it in something else then.

If you use Zed you must have known the language server was running when you tried it, how did you think that was happening?


This kind of article or reddit post and discussion is how you know, at least for some people.

Anyway, you asked who would care. Now the topic has moved to "what to do about it", which is hardly an issue. Of course people who think Zed has a problem will not use it. That does not make it a non-problem.


tbh this "article" looks a lot like a reddit outrage post.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: