There's actually a new setting in vscode (from Dec 24) to configure a whitelist for extensions that are allowed to be installed on a user's machine [0]. It's not foolproof, but it probably helps to prevent common supply chain attacks. I wonder if this could be used in cursor too.

[0] https://code.visualstudio.com/docs/setup/enterprise#_configu...