Skip to content

Is there a way to enable marp plugins inside VSCode marp-vscode? #543

Answered by yhatt
alanlivio asked this question in Q&A

You must be logged in to vote

Marp for VS Code is explicitly designed to prevent the use of the Marp plugin to avoid security issues.

Marp plugin is designed to run on Node.js, so it's possible to do anything on Node.js beyond extending Marp. So if we support Marp plugin, it's possible to execute arbitrary code on your machine by installing malicious plugin that pretending to be Marp plugin. The similar case has already been reported in ESLint extension for VS Code as CVE-2020-1416.

In particular, Marp for VS Code is often used by users who don't focus on development, and they may introduce the extension as an alternative to the classic Marp GUI app. Therefore, it's easy to introduce a plugin without understanding the…

Replies: 2 comments 2 replies

You must be logged in to vote
0 replies
Answer selected by alanlivio

You must be logged in to vote
2 replies
@yhatt

yhatt Oct 7, 2024
Maintainer

@alanlivio

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants