Secure LaTeX tools for Visual Studio Code with IntelliSense, manual build, diagnostics, and a local PDF tab viewer.
- IntelliSense for citations, labels, commands, environments, classes, and packages
- Manual build and clean with the fixed secure recipe
- Local PDF tab viewer with one-way refresh
- Diagnostics and log parsing inside VS Code
- No telemetry, auto build, external build commands, or browser viewer workflow
Important
This extension is an independent secure fork and is not the official James-Yu.latex-workshop marketplace release. For compatibility, settings and command IDs still use the existing latex-workshop.* prefix.
- Stable releases publish GitHub release tags to the VS Code Marketplace stable channel and Open VSX.
- Daily releases build, test, and package a VSIX every day, refresh the rolling GitHub daily prerelease, publish to the VS Code Marketplace pre-release channel, and attach open PR, CodeQL, and Dependabot summaries.
- The canonical repository fails release publication if the required registry credentials are missing, so security fixes do not silently miss distribution.
- Stable versioning:
1.2.3 -> 1.2.4,1.2 -> 1.3.0 - Stable releases must keep the current major version line. Update the minor or patch version instead of bumping the major version.
- Daily versioning:
1.2.3 -> 1.3.<run_number>,1.2 -> 1.3.<run_number>
Release operations are documented in RELEASING.md.
Start with the local secure-fork manual in docs/manual/README.md.
For repository organization and cleanup rules, see Repository Layout. For the security controls in this fork, see Security Hardening Summary or in Japanese.
This secure build keeps a focused subset of the upstream editing and compilation workflow.
- Build LaTeX documents manually with the fixed internal build recipe.
- Resolve the build root with a fixed internal policy and always run manual build and clean against the resolved main root file. Secure build and viewer flows do not honor file-level
%!TEX rootcomments. - Write build outputs and auxiliary files into the resolved root file directory, rather than honoring workspace-controlled output-path overrides.
- Open the built PDF in a local VS Code tab using a minimal
pdf.jsruntime, with one-way refresh from the extension to the viewer. - IntelliSense for citations, labels, commands, environments, document classes, packages, and input paths.
- Snippets and text-wrapping commands for common LaTeX authoring tasks.
- Automatic
\itemcontinuation and other core editing conveniences that stay within the editor process. - LaTeX log parsing and diagnostics shown directly in VS Code.
- Hover-based assistance for supported LaTeX constructs.
The following upstream features are intentionally disabled or not exposed in this fork.
- Live Share integration.
- Auto build and other file-watcher-triggered build execution.
- Custom recipes, custom tools, and external build commands.
- Workspace-controlled overrides for build root selection and output or auxiliary directory selection in the secure execution path.
- The internal PDF preview server, browser viewer workflow, reverse or bidirectional viewer messaging, and SyncTeX viewer paths.
- Texdoc, word count, and math preview panel workflows.
- External formatter or linter command overrides from workspace settings without an explicit confirmation prompt.
- Other convenience integrations that expand the executable or network-facing surface without being required for core authoring and compilation.
The code for this extension is available on GitHub at: https://github.com/thinksyncs/LaTeX-Secure-Workspace
This repository is distributed under the MIT License.
It is an independent fork of LaTeX Workshop and retains the upstream MIT notice in LICENSE.txt.
For fork attribution and notice information, see NOTICE.
Some bundled data files or third-party assets may carry their own upstream notices in their respective directories.
Disclaimer: This fork applies security hardening intended to reduce risk, but it does not guarantee safety or fitness for any particular environment. It is provided as-is under the MIT License, and maintainers do not assume responsibility for adopter validation, deployment decisions, operational use, or incident response.