WebStorm
 
2023.2
Shortcuts: Windows
Get WebStorm
You are viewing the documentation for an earlier version of WebStorm.
  1. WebStorm projects
  2. Project security

Project security

Last modified: 14 September 2023

To prevent potential security risks, WebStorm lets you decide how to work with a project if you're not sure about its source. WebStorm warns you about tasks, File Watchers or webpack configurations that will be executed and lets you configure sources that you can trust.

tip

Projects created from the Welcome screen or via File | New | Project as described in Creating projects are automatically considered trusted.

note

You can configure trusted locations to automatically load projects from particular directories.

Open a project from unknown sources

When you open a project that was created outside WebStorm and was imported into it, WebStorm displays a dialog where you can decide how to handle this project with unfamiliar source code.

Every time you open a project for the first time, the IDE shows the Trust Project dialog. This helps to ensure that the project is safe to perform the following actions:

Untrusted project warning

You can select one of the following actions:

  • Preview in Safe Mode: in this case, WebStorm opens the project in Safe Mode, meaning you can browse the project's sources, but there are restrictions in executing any tasks or scripts or running/debugging your project.

    tip

    If you stay in Safe Mode, WebStorm will not show extra notifications for other potentially dangerous features in your project. For more information, refer to Safe mode preview limitations.

    WebStorm notifies you about Safe Mode on top of the editor area. You can click the Trust project… link and load your project at any time.

    In-editor notification for untrusted projects in the Safe Mode

  • Trust Project: in this case, WebStorm opens and initializes the project, resolves project plugins, adds dependencies, and enables all WebStorm features.

  • Don't Open: in this case, WebStorm cancels the action.

note

Select the Trust projects in <path> checkbox to trust the directory from which you are trying to open the project. Next time you open a project from that directory, it will be opened and loaded automatically.

Startup tasks

When you open a project created on a different machine, it might contain some scripts or tasks that are executed during the opening process. If such tasks are found, WebStorm displays a notification suggesting that the code you are about to execute might be harmful.

You can review what tasks will be executed and modify the settings.

Review the startup tasks

  1. In the Settings dialog (CtrlAlt0S), go to Tools | Startup Tasks.

  2. On the Startup Tasks settings page, you can review and modify the startup tasks.

Safe mode preview limitations

If you open a project in Safe Mode, the following limitations will apply:

Trusted locations

You can configure what sources WebStorm should consider safe and accordingly load them and run File Watchers or webpack configurations without showing the notification.

You can add your home directory to the trusted locations to disable WebStorm's warnings about untrusted projects.

Configure trusted locations

  1. In the Settings dialog (CtrlAlt0S), go to Build, Execution, Deployment | Trusted Locations.

  2. On the Trusted Locations settings page, specify the local directories that the IDE should trust. Click OK to save the changes.

    Trusted locations

    The next time you open a project from one of those locations, WebStorm will implicitly trust it.