ide-security
Safeguard articles tagged "ide-security" — guides, analysis, and best practices for software supply chain and application security.
10 articles
The Cursor extension that cost a developer $500,000
A fake Solidity extension on Open VSX was downloaded 50,000+ times, dropped an infostealer, and drained $500K in crypto — how the marketplace trust model failed.
Code injection risks in CLI tools and IDE plugins
A malicious npm dependency hid in event-stream for 8M downloads before detection. Developer tooling is a code-injection blast radius most teams never audit.
What developer-first supply chain security actually requires
The xz-utils backdoor was caught by a 500ms SSH login delay, not a scanner. Real developer-first security means catching it before the commit ships.
Cursor IDE Security Model: What Enterprises Need to Know
Cursor's 2026 security model introduces privacy modes, indexing controls, and agent sandboxes. Here is the enterprise-ready view of what works.
Windsurf CVE-2025-62353: Path Traversal in Cascade and the IDEsaster Wave
HiddenLayer's CVSS 9.8 Windsurf flaw exfiltrated secrets even with write_to_file on the deny list. The Cascade agent's filesystem trust broke wide open.
How the Snyk Language Server powers IDE plugins across VS...
A technical look at how Snyk's Go-based Language Server uses LSP and a delegating scanner pattern to power VS Code, JetBrains, and Eclipse plugins from one binary.
How Snyk's JetBrains plugin family supports IntelliJ, PyC...
A mechanical look at how Snyk ships one JetBrains plugin across IntelliJ, PyCharm, WebStorm, GoLand, and Rider using a shared platform and backend scan engine.
The Hidden Cost of Context Switching Between IDE and Secu...
Jumping between your IDE and security dashboards isn't free. Here's what context switching really costs developers, and how to eliminate it.
JetBrains Plugin Security Verification: Protecting Your IDE
IDE plugins run with the same privileges as your IDE. A malicious IntelliJ plugin has access to your source code, credentials, and development environment.
VS Code Extension Marketplace Security: The IDE Supply Chain
VS Code extensions run with the same privileges as your editor — which means full access to your source code, terminal, and credentials. The marketplace security model does not prevent malicious extensions.