Visual Studio Code extensions are much less secure than browser extensions or even npm packages
A trope old enough to date back to the dawn of software dev is when one vendor shits on another one in order to promote a new product of theirs.
https://www.baldurbjarnason.com/2024/vscode-extensions-are-insecure/