16 may 2023

Oh no, my paranoia has been validated. One of the main reasons I’ve never given Visual Studio Code a real chance was that simple things like .editorconfig support required third-party extensions, and I don’t trust them.

Catalin Cimpanu (

Attached: 1 image Check Point has discovered three malicious Visual Studio Code extensions available through the official VSCode store that contained code to steal user data and enable backdoor access. The extensions were installed more than 45,000 times.

Want to know when I post new content to my blog? It's a simple as registering for free to an RSS aggregator (Feedly, NewsBlur, Inoreader, …) and adding to your feeds (or if you want to subscribe to all my topics). We don't need newsletters, and we don't need Twitter; RSS still exists.

Legal information: This blog is hosted par OVH, 2 rue Kellermann, 59100 Roubaix, France,

Personal data about this blog's readers are not used nor transmitted to third-parties. Comment authors can request their deletion by e-mail.

All contents © the author or quoted under fair use.