This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Support python.analysis.nodeExecutable in .vscode/settings.json and with ${workspaceFolder} templating
#5761
Comments
|
I believe that this is intentionally not supported for security reasons. We want users to opt into this feature explicitly to ensure that a malicious node.exe isn't used without their knowledge. Reassigning to @rchiodo. Maybe we could somehow require the user to approve the setting if it's in the workspace settings.json, and not use that setting value until that happens? Something along the lines of "do you trust the owners of this repo?" Which I think may be same thinking/language behind trusted workspaces? |
debonte
added
enhancement
|
Interesting. I hadn't thought of the security concern, but I am wondering if this presents a greater security concern than configuring |
|
Yeah this was intentional. The node executable (if allowed in a workspace settings.json) could theoretically run a workspace relative node that could compromise a machine. The 'trusted' workspace setting is supposed to handle this situation, but we didn't want to add another location (like defaultInterpreterPath) that users would have to double check in a folder before opening it. Using a custom node is really supposed to be a workaround for memory issues though. It might be better if we just figured out what is causing memory problems for you @Tom-Newton. |
|
Thanks for explaining. Personally I would find this useful but if you don't think its a good idea I can understand.
That would be great but I think it would be a bit of a rabbit hole and I can't share the repo in question. Probably its caused by a large number of pip dependencies. We also use bazel so our |
I hadn't heard of this setting before. FYI, it appears to only be honored when using Jedi instead of Pylance. https://github.com/microsoft/vscode-python/blob/01e5cbdbe836e51447a887f5afb350293a5ec11e/src/client/activation/jedi/analysisOptions.ts#L44 |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
python.analysis.nodeExecutablewas recently added and it seems to be a big help. Thank you for adding it. I would like to be able to configure it in our repo so that all my colleagues get the benefit without each of them needing to set it up individually.To do this it needs to be configurable in the
.vscode/settings.jsonof the project. Currently it seemspython.analysis.nodeExecutableonly works in the user'ssettings.json. Additionally it would be useful to support https://code.visualstudio.com/docs/editor/variables-reference. Personally I'm specifically interested in${workspaceFolder}, which appears to be supported in other pylance configs such aspython.analysis.extraPaths.The text was updated successfully, but these errors were encountered: