For ex: gpu helper will depend on a different set of system libraries than the renderer helper or restrict the system calls that can be made directly from the renderer. This comes from the multi-process architecture of chromium where each of these helper executables are responsible for different components as rendering, running utility process etc and the advantage in that allows for applying different profiles of the OS sandboxing. MacOS manages the access control list for a keychain item based on the bundle identifier of the application trying to access it.īefore 1.50 this module was present inside each window and on macOS the windows are spawned by an executable called Code Helper (Renderer) which is different from the main application executable. VSCode uses a native module called keytar to manage passwords across different OS, so any extension that saves an authentication talks to this module for interaction with the keychain.
I will expand on and why this ought to happen.