Comment by hollerith

Comment by hollerith 4 days ago

0 replies

View on Hacker News

The point is that Zed's developers have chosen to include prettier, which probably transitively includes many other NPM packages.

Node and these NPM packages represent a large increase in attack surface for a relatively small benefit (namely, prettier is included in Zed so that Zed's settings.json is easier to read and edit) which makes me wonder whether Zed's devs care about security at all.