How to use python with the Cursor IDE

How-to-Python-in-Cursor.md

How to use python with the Cursor AI IDE

Cursor.app has a critical vulnerability that should be taken seriously!

Please see my post below on this as sooon as possible! https://gist.github.com/joeblackwaslike/752b26ce92e3699084e1ecfc790f74b2?permalink_comment_id=5716065#gistcomment-5716065

Steps to patch latest cursor

These instructions should work with the latest versions of cursor which requires a much different strategy than the older versions where you could simply point cursor to the MS extension marketplace and call it a day.

Version details

Tested and verified w/ the following version

Version: 1.5.5
VSCode Version: 1.99.3
Commit: 823f58d4f60b795a6aefb9955933f3a2f0331d70
Date: 2025-08-25T17:40:25.290Z
Electron: 34.5.8
Chromium: 132.0.6834.210
Node.js: 20.19.1
V8: 13.2.152.41-electron.0
OS: Darwin arm64 24.6.0

Instructions

1. Download latest from cursor-ai-downloads

2. # Make backup (optional)
   sudo mv /Applications/Cursor.app/ /Applications/Cursor_backup.app
   
   cd /tmp
   wget https://downloads.cursor.com/production/823f58d4f60b795a6aefb9955933f3a2f0331d7b/darwin/universal/Cursor-darwin-universal.dmg
   
   hdiutil mount Cursor-darwin-*.dmg
   sudo cp -R /Volumes/Cursor\ Installer/Cursor.app /Applications/
   hdiutil unmount /Volumes/Cursor\ Installer
   rm -f Cursor-darwin-*.dmg
   popd

3. force the code signature check to pass and get cached

   /Applications/Cursor.app/Contents/Resources/app/bin/cursor --version

4. Download the package.json patcher by @realdimas and execute it. For the security minded feel free to review the contents

   curl -sL "https://gist.githubusercontent.com/realdimas/e58723564cfada8efd93adab6efb747c/raw/d6c0ff85ce979637b4d6fb0033b0a736fbe332cf/fix-product-json.sh" | sudo bash

5. Create a new text file named cursor-exts.txt. The contents should be a list of all the extensionIds you use from the cursor marketplace. I've provided an example of mine to serve as an example. Any lines beginning with # are comments and will be ignored when parsing this file.

6. Create another new text file named vscode-exts.txt. The contents should be a list of all the extensionIds you use that exist only in the official Microsoft marketplace. I've provided an example of mine to serve as an example. Any lines beginning with # are comments and will be ignored when parsing this file.

   Note: do not add the the pylance extensionId (ms-python.vscode-pylance) or python extension (ms-python.python) Pylance will fail to install and needs to be specially patched which we will do later. The patched pylance will require a newer version of ms-python than the one installed through traditional means.

7. At this point close Cursor.app if it's still running.

8. Run the following commands in the same shell and path where you created both extension text files:

   # Clear existing extensions including the problematic `anysphere.cursorpyright`.  Do this after you've completed both extension lists above
   /bin/rm -rf ~/.cursor/extensions/*
   
   # Install all your cursor extensions
   curl -sL "https://gist.githubusercontent.com/joeblackwaslike/802b9ddc135ba85d31a14b21b341807a/raw/c698a2e3fa73296bdd61258b5faf1f2dc37e174f/get-cursor-exts.sh" | bash -s -- --input-file cursor-exts.txt
   
   # the following script has a required dependency for only MacOS users which lack gnu grep.
   if [[ "$(uname -s)" == "Darwin" ]]; then
       brew install grep
   fi
   
   # Install all your microsoft marketplace extensions
   curl -sL "https://gist.githubusercontent.com/joeblackwaslike/306d6c7548f0c01f6626891d3d125066/raw/1448e70705e2eca8bb1154d5972cc8b756153e10/get-ms-exts.sh" | bash -s -- --input-file vscode-exts.txt
   
   # we have to manually download and install the ms-python vsix file because pylance requires a newer version than would be installed through cursor and even my scripts.  This is very important to ensure pylance works correctly in the latest cursor builds.
   curl https://ms-python.gallery.vsassets.io/_apis/public/gallery/publisher/ms-python/extension/python/2025.13.2025080801/assetbyname/Microsoft.VisualStudio.Services.VSIXPackage -o ms-python.python_2025.13.2025080801.vsix
   
   cursor --install-extension ms-python.python_*.vsix
   
   uv run --script https://gist.githubusercontent.com/realdimas/c025cdba50cc05e0f644eb71bf7efbb9/raw/pylance_patcher.py
   
   cursor --install-extension ms-python.vscode-pylance-*-patched.vsix

9. Add some required settings like disabling autoupdate and setting pylance as the python language server:

   jq '.["update.enableWindowsBackgroundUpdates"] = false' ~/Library/Application\ Support/Cursor/User/settings.json > temp.json && mv temp.json ~/Library/Application\ Support/Cursor/User/settings.json
   
   jq '.["update.mode"] = "none"' ~/Library/Application\ Support/Cursor/User/settings.json > temp.json && mv temp.json ~/Library/Application\ Support/Cursor/User/settings.json
   
   jq '.["python.languageServer"] = "Pylance"' ~/Library/Application\ Support/Cursor/User/settings.json > temp.json && mv temp.json ~/Library/Application\ Support/Cursor/User/settings.json

10. Open Cursor.app and then close

    # We need to manually delete the anysphere.cursorpyright extension using rm or it will keep reenabling and reinstalling itself.  We need to run the command again too because it doesn't always work the first time.
    /bin/rm -rf ~/.cursor/extensions/anysphere.cursorpyright-* || /bin/rm -rf ~/.cursor/extensions/anysphere.cursorpyright-*
    
    

Minor annoyances

Permissions are asked every time cursor is launched

Anyone more familiar with MacOS application development that can determine why this setting isn't saved/persisted between application sessions, your advice would be greatly valued!

cursor disables pylance in local settings and workspac files

If you have a local workspace or project then you'll notice sometimes cursor will disable pylance. Check your local settings.json or the settings key of your local *.code-workspace file for the following:

{
	"python.languageServer": "None"
}

You have a few options, either remove the local setting which defaults to the value for your user setting or change the value locally from None to Pylance

Older versions can be more easily patched, here is the version details that worked for me

Version: 0.49.6
VSCode Version: 1.96.2
Commit: 0781e811de386a0c5bcb07ceb259df8ff8246a50
Date: 2025-04-25T05:07:16.071Z (3 mos ago)

We are going to edit cursors settings to point to the microsoft extensions marketplace.

1. Remove all extensions and exit Cursor.
2. Locate your Cursor project.json file depending on your platform and open it.
   • On MacOS: /Applications/Cursor.app/Contents/Resources/app/product.json
   • On Windows: C:\Users\<user_name>\AppData\Local\Programs\cursor\resources\app\product.json
   • On Linux: /usr/lib/code/product.json
3. Locate the object value for key extensionsGallery in the json document.

Contents of extensionsGallery key in product.json for Cursor

{
    "galleryId": "cursor",
    "serviceUrl": "https://marketplace.cursorapi.com/_apis/public/gallery",
    "itemUrl": "https://marketplace.cursorapi.com/items",
    "resourceUrlTemplate": "https://marketplace.cursorapi.com/{publisher}/{name}/{version}/{path}",
    "controlUrl": "",
    "recommendationsUrl": "",
    "nlsBaseUrl": "",
    "publisherUrl": ""
}

4. Edit it to look like this:

{
    "galleryId": "cursor",
    "serviceUrl": "https://marketplace.visualstudio.com/_apis/public/gallery",
    "itemUrl": "https://marketplace.visualstudio.com/items",
    "resourceUrlTemplate": "https://{publisher}.vscode-unpkg.net/{publisher}/{name}/{version}/{path}",
    "controlUrl": "",
    "recommendationsUrl": "",
    "nlsBaseUrl": "",
    "publisherUrl": ""
}

5. Reopen Cursor.app and install the following extensions:
   • ms-python.python
   • ms-python.vscode-pylance
   • ms-python.debugpy
6. Make sure in your settings that python.languageServer is set to "Pylance"
7. Re-sign Cursor.app (for MacOS)

codesign --force --deep --sign - /Applications/Cursor.app

Enjoy!

PS: you may need to goto your settings.json to remove any theme settings, because having a broken theme looks exactly like this same problem. In my case cursor had copied over my settings from vscode and they pointed to a theme that wasn't yet installed in cursor, removing and then setting the theme manually worked when I though for sure I had broken it again.

Warning

I just received an email about a serious security vulnerability in cursor that allows attackers RCE via prompt injection!

Critical info

• Severity: High! (8.6/10)
• CVE ID: CVE-2025-54135
• Affected versions: <= 1.2.1
• Patched versions: 1.3.9+

The good news is it's been patched since version 1.3.9+. Check your cursor version now to see whether you're affected!

Accessing cursor version

• MacOs: just use the menubar the menubar Cursor > About Cursor.
• Windows: I have no idea, but chime in if you know and can provide this. 💁
• Linux: I assume you already know three ways to accomplish. My surface-linux thingy does not have cursor installed. 😂

Advice

First, this is way above my paygrade but I can give you a few suggestions.

• If you are affected you should close cursor immediately and start assessing the extent, if any, that you were compromised.
• Check ~/.cursor/mcp.json and any mcp servers you use.
• Check your logs/dmesg for anything fucky, inspect your running processes, and look for recent changes to critical system files and/or those of your repositories.

How to fix

Simple answer is to just replace your existing cursor with the latest release.... But tbh the official python support is not great. That's why this place exists. This may take some time because there is a lot to document for this process, and I have only recently figured out the most straightforward and optimal way to patch the latest versions of cursor, specifically version 1.4.4, which will be the focus from here on out.

TLDR; It's non trivial but I have used some excellent scripts from @realdimas which help automate a lot of the complexity, especially across various versions of cursor which require very different approaches. I have also developed some of my own scripts that automate the grunt work of downloading and installing extensions from both the MS marketplace as well as cursors marketplace, etc. I need some time to gather all of these things together, refine them, document them, and make one cohesive set of instructions that can be easily followed by everyone. If you want to help contribute to this effort, reach out, and stay tuned to this space over the next few days.

Sources for more info

• https://thehackernews.com/2025/08/cursor-ai-code-editor-fixed-flaw.html
• GHSA-4cxx-hrm3-49rm

I've just updated the main gist with instructions on how to get python (essentially ms-python and pylance extensions) working in the latest versions of cursor. I've tested both versions 1.4.4 and 1.5.5 and they're working.

Note: I had some trouble initially with cursor replacing the manually downloaded and installed version of ms-python extension with some much older version from 2023. I removed the max versions from from ms-python and pylance extension in the product.json file and then reinstalled the manually downloaded vsix for ms-python with the network disabled. This worked but not sure if both steps are necessary.

I've also noticed that anysphere.cursorpyright keeps getting reinstalled periodically like when an extension you install depends on ms-python.python. Trying to disable or uninstall it only seems to work temporarily. You need to actually run

/bin/rm -rf ~/.cursor/extensions/anysphere.cursorpyright-*

when cursor isn't open to fully uninstall.

@joeblackwaslike You mention package.json several times in the text, but the file is actually called product.json.