vs-code
Safeguard articles tagged "vs-code" — guides, analysis, and best practices for software supply chain and application security.
6 articles
IDE extension marketplace trust and verification
Wiz Research found 550+ leaked secrets across 500+ VS Code extensions, including publisher tokens that let attackers push malicious updates to entire install bases.
The Cursor IDE extension that stole $500K: a supply chain post-mortem
A fake 'Solidity Language' extension hit 50,000+ downloads on Open VSX before stealing $500K in crypto. Here's how IDE marketplaces became a trust gap.
GitHub VS Code Extension Breach (20 May 2026): What Happened, How It Worked, and What to Do Monday Morning
GitHub disclosed on 20 May 2026 that a poisoned VS Code Marketplace extension was used to exfiltrate roughly 3,800 private repositories from enterprise engineering orgs, landing in the middle of a broader May 2026 wave of developer-surface supply chain attacks.
Getting Started with Safeguard IDE Extension (VS Code)
A step-by-step walkthrough for installing, configuring, and using the Safeguard VS Code extension to catch supply chain issues before you commit.
Safeguard IDE Extension: Supply Chain Intelligence in Your Editor
The Safeguard VS Code extension surfaces vulnerability data, dependency health, and policy violations directly in your editor as you write code.
VS Code Extension Marketplace Security: The IDE Supply Chain
VS Code extensions run with the same privileges as your editor — which means full access to your source code, terminal, and credentials. The marketplace security model does not prevent malicious extensions.