Secure development environment

VS Code workspace?

Minimal extensions?

Protection against malicious dependencies

I know that each developer’s environment differs depending on their situation, but it would be great to see other devs’ setups.

You should use a VM to run untrusted software

Not sure if this is what you are looking for, but there are some talks by Fredrik Strömberg out there where he mentions Mullvad development occurs on Qubes. Can’t remember 100% which videos as I watched them a while back, but maybe one of these:

An introduction to QubesOS - Fredrik Strömberg

10 Fredrik Strömberg

Firejail/bubblejail if you don’t want to use a VM

Depends on the threat model. I’d imagine malware reverse engineers have dedicated VMs with IDA Pro or Ghidra, and for the rest QubesOS is likely way more than sufficient.

If you are referring to privacy, stick with FOSS builds of software. Use VSCodium, not VS Code. Personally I use Neovim for my local dev.