That's a lot of accusations without evidence. VSCode does questionable things, but nowhere near the levels you are describing.
And is there any evidence that VSCode is not secure, by Node.js standard? Has there been significant security incidents that were not handled properly? Has VSCode been neglecting security issues?
No to all those questions, based on my experience. Node.js inherently is loose on permissions -- by default you can do IO/connect to Internet however you want -- but that's not VSCode's fault. Otherwise, VSCode team has been very responsive at handling security issues.
(Saying this as an experienced VSCode user and extension developer.)
And is there any evidence that VSCode is not secure, by Node.js standard? Has there been significant security incidents that were not handled properly? Has VSCode been neglecting security issues?
No to all those questions, based on my experience. Node.js inherently is loose on permissions -- by default you can do IO/connect to Internet however you want -- but that's not VSCode's fault. Otherwise, VSCode team has been very responsive at handling security issues.
(Saying this as an experienced VSCode user and extension developer.)