We are looking to prevent users (on macOS) from installing VS Code extensions that are not explicitly allowlisted, due to security concerns, particularly the risk of malware in third-party extensions.
Does Cursor support VS Code’s extensions.allowed setting in settings.json?
Ref: Enterprise support
It doesn’t appear to have any effect in Cursor.
Additionally, enforcing this would likely require revoking write access to settings.json, which would also block users from customizing other preferences (e.g., themes).
Is there a better way to manage or lock down extensions in Cursor?
Thanks.