Extension allow list and/or blocklist policy #168932
Comments
|
/duplicate CC @isidorn |
vscodenpa
added
the
*duplicate
|
Thanks for creating this issue! We figured it's covering the same as another one we already have. Thus, we closed this one as a duplicate. You can search for similar existing issues. See also our issue reporting guidelines. Happy Coding! |
|
@emilkloeden what company are you representing? Can you share more about how you use VS Code? fyi @devinvalenciano |
|
Thanks for the reply @isidorn and your time. I represent a small company 50-100 employees, with an internal development team comprising approx. 10-15 developers, testers and business intelligence users who all use Visual Studio Code. We have two goals that I'd like to address: consistency of extensions installed across devices and the facility to control that centrally. Having an allow-list policy would enable us to limit the set of extensions that can be installed across the workplace in a simple-to-manage manner. A model similar to Firefox's ExtensionSettings policy would allow us to explicitly control the entire set (noting that only the 'installation_mode' and possibly 'blocked_install_message' properties might be appropriate here). Firefox example {
"*": {
"blocked_install_message": "Custom error message.",
"install_sources": ["https://yourwebsite.com/*"],
"installation_mode": "blocked",
"allowed_types": ["extension"]
},
"[email protected]": {
"installation_mode": "force_installed",
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
},
"[email protected]": {
"installation_mode": "allowed"
}
}Possible VS Code example {
"*": {
"blocked_install_message": "This extension has been blocked by your organisation.",
"installation_mode": "blocked"
},
"ms-python.python": {
"installation_mode": "force_installed"
},
"vscodevim.vim": {
"installation_mode": "allowed"
}
}To date we have addressed this by installing extensions to a non-user-writable location and set the (undocumented - I believe) |
|
Sigh open source is hard. I apologise my searches for duplicates before posting obviously weren't great. In particular this requests a subset of what was requested in #84756. I can't see a mention of an allow-list on the 2021-22 Roadmap (or find a newer roadmap). It looks like #84756 might be on the backlog. Should I watch that issue for future updates? Thanks, |
|
@emilkloeden thanks a lot for sharing this feedback, this is very useful. |
We would like to centrally maintain a list of allowed extensions. Doing so via group policy in a similar fashion to how one can set an allow list in browsers would be a convenient way to do this.
The text was updated successfully, but these errors were encountered: