This means you cannot use any editor or IDE on “the market” today that supports the concept of plugins/packages.
When you consider the nodejs ecosystem where it’s basically just a free-for-all of who puts what up and forks with similar sounding names lurk behind each corner - it’s not even a matter of the atom.io packages being ‘malicious’, they don’t have to be. They just need one of their 50-60 npm downloaded modules written by a person one step further removed from you to be malicious.
Here’s a great example:
h t tps://www.npmjs.org/package/jQuery maintained by coolaj86, treasonx, rwaldron
and then right next to it
h t tps://www.npmjs.org/package/jquery, maintained by dmethvin, scott.gonzalez, m_gol
And the funny part is, the ‘jQuery’ project looks like the imposter. And that’s only based on
the fact that they link to the project’s real github page. I have no idea if it’s legit. The guy
writing atom.io addons doesn’t know if they’re legit. You need to think big picture.