The surface area for supply chain attack with Helix is vanishingly small compared to nvim + n extensions. You’re dealing with a single vendor, versus one per extension. Helix also runs a very slow, deliberate release process, so while it’s certainly possible that a supply chain vulnerability could be shipped, the process in place appears to work well to mitigate it.
LaunchNotes | Principal engineer, Full Stack Engineer, Product Designer | Full Time | Remote North/Central America
LaunchNotes is a platform for communicating product change within your company and out to your customers. We believe organizational transparency isn’t a nice to have, it’s a must have. We believe that everybody across your team deserves to understand your product and development process and have visibility into it to be able to get their work done. At the heart of LaunchNotes, our mission is to demystify your development process, so that your entire business can work freely.
If you’re passionate about productivity, communication and improving the relationship between technical and non-technical teams, get in touch. Email tyler [at] LaunchNotes [dot] io