I recently read an article by Bleeping Computer, about <a target="_blank" href="https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-with-millions-of-installs-discovered/">malicious VSCode extensions</a>.
It seems that VS Code extensions can be vulnerable in the following ways according to Bleeping Computer:
<ul>
<li>Trivial Fake Extensions: Researchers created a fake extension that looked legitimate but stole source code. It took them only 30 minutes to publish and get users, highlighting the potential ease for attackers.
</li>
<li>Malicious Code in Published Extensions: A significant number of extensions (over 1,000) were found to contain malicious code, downloaded millions of times collectively.
</li>
<li>Lax Security Measures: The VS Code Marketplace may not have strict enough vetting processes, allowing malicious extensions to slip through.
</li>
</ul>
These findings emphasize the importance of staying vigilant when installing VS Code extensions.

I recently read an article by Bleeping Computer, about [malicious VSCode extensions](https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-with-millions-of-installs-discovered/).

It seems that VS Code extensions can be vulnerable in the following ways according to Bleeping Computer:

* **Trivial Fake Extensions:** Researchers created a fake extension that looked legitimate but stole source code. It took them only 30 minutes to publish and get users, highlighting the potential ease for attackers.
    
* **Malicious Code in Published Extensions:** A significant number of extensions (over 1,000) were found to contain malicious code, downloaded millions of times collectively.
    
* **Lax Security Measures:** The VS Code Marketplace may not have strict enough vetting processes, allowing malicious extensions to slip through.
    

These findings emphasize the importance of staying vigilant when installing VS Code extensions.

How VS code extensions can be vulnerable?