I’d just like to make a note here that there is ABSOLUTELY NO SECURE WAY to run plugins without severely crippling the plugin API.
Electron by nature is insecure when 3rd party code is involved, and that we won’t even attempt to wrestle that beast. The only advice we can give is “only run code you absolutely trust and have self-audited to be secure for your use case”.
I’d like to add that even VSCode, a hugely popular IDE made by Microsoft, doesn’t have what you’re requesting.