Quit Emailing Yourself

# security → vscode → extensions → openvsx → malware

1 link tagged with all of: security + vscode + extensions + openvsx + malware

Links

VSCode IDE forks expose users to "recommended extension" attacks

AI-driven IDEs like Cursor and Google Antigravity recommend extensions that may not exist in the OpenVSX registry. This gap allows malicious actors to claim unregistered namespaces and potentially distribute malware. Researchers have reported the issue and taken steps to prevent exploitation.

Saved by tldr-importer · Last saved February 14, 2026 · 2 min read

security ✓ extensions ✓ vscode ✓ openvsx ✓ malware ✓