Vscode-eslint: "The ESLint extension will use 'node_modules/eslint' for validation" make this warning go away.

@nojvek pls see https://github.com/microsoft/vscode-eslint/issues/1012. It is basically a security fix.

Actually you should only be prompted once per workspace folder unless you press Cancel. Do you see the prompt more often.

Closing as dup of https://github.com/microsoft/vscode-eslint/issues/1012

I see it every single time I open a vscode workspace. Even the same
workspace re-opened shows the dialog.

Have to shut it off at-least a couple of times a day.

It’s the same crap Windows vista had. Too many dialogs so users just close
it as annoyance.

I don’t see how this is a big security issue since a node_modules by
definition have access to the system and vscode itself uses a ton of them.

So local eslint or packaged eslint, it’s the same issue none the less. The
dialog doesn’t really do much.

On Tue, Jul 21, 2020 at 6:06 AM Dirk Bäumer notifications@github.com
wrote:

Closed #1023 https://github.com/microsoft/vscode-eslint/issues/1023.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/microsoft/vscode-eslint/issues/1023#event-3571170332,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AAHYSVDCIFPKCISBKBL3DM3R4WHETANCNFSM4PDSFQWQ
.

@nojvek which button do you press on the dialog? And which version of the ESLint extension are you using. We had a bug that is fixed in 2.1.8.

I was on latest (2.1.8). But I downgraded to eslint without that annoying modal. Thank god vscode lets you choose the version.

I accidentally pressed "cancel" and now I cant get the ESLint format while typing...
Is there a way to pop-up again the original message and allow it?

Yes, run the command ESLint: Reset Library Decision

At this point I don’t know how much value that modal is adding. Reminds me of windows vista popups. So many that users just learn to ignore them. Why can’t the plugin just do an integrity check of the node_modules installed eslint.

Even if you show the modal, a user doesn’t really know what to do other than clicking a button. If you really care about security then go the extra mile and only alert when locally installed eslint doesn’t match a verified list of hashes.

The problem is that ESLint itself has a plugin system. So even if the hash for ESLint is OK it doesn't necessarily mean that all plugins are. And without help from ESLint it is very hard to know upfront which plugins ESLint will load and which configurations files (interesting are the once containing JS code).

I talked a lot to the VS Code team about this and VS Code will introduce a concept of trusted workspaces with a proper UI which will make the dialog superfluous.

Yes, run the command ESLint: Reset Library Decision
i use this command but it tips command not found: ESLint:
what should i do? (installed eslint but it doesn't work )

sry my spoken English is not well, maybe there is something wrong syntax

@donggua-c that is strange. Which version have you installed?

I'm finding this message super annoying. I work on tons of different projects, so even "once per workspace" is a lot, and really breaks my flow. It adds zero value to me. Would love to be able to suppress this globally.

@donggua-c that is strange. Which version have you installed?

sry i tried it with a wrong way and i retry it successed. sry to waste ur time

as suggested by @ryanblock in #1012 reverting to 2.1.6 solved it for me

The same here , thanks for the suggestion to downgrade to 2.1.6. Now the pop message is gone.