All articles tagged with #vscode
Forked AI-powered IDEs based on VSCode recommend extensions that are not in the official OpenVSX registry, creating a security vulnerability where threat actors can claim unregistered namespaces to upload malicious extensions. Researchers identified this issue, coordinated with affected parties, and took measures to block malicious namespace claims, advising users to verify extension sources manually.
The article discusses the beta release of Zed with native support for Claude, highlighting its speed and architectural strengths, but also noting issues with AI autocomplete accuracy, UI performance, and configuration complexity. Users compare Zed to other editors like Cursor, VSCode, and Neovim, emphasizing the importance of speed, extensibility, and user-friendly features. The discussion reflects a broader industry interest in lightweight, fast editors with robust AI integration and customizable interfaces.
Malicious extensions were uploaded to Microsoft's VSCode Marketplace, which were downloaded 46,600 times by Windows developers. The malware enabled threat actors to steal credentials, system information, and establish a remote shell on the victim's machine. While the extensions were removed, developers must manually remove them from their systems and run a complete scan to detect any remnants of the infection. Users are advised to only install extensions from trusted publishers with many downloads and community ratings, read user reviews, and always inspect the extension's source code before installing it.