Your IDE Is a Supply Chain
VS Code is the most popular code editor, used by millions of developers. Its extension marketplace hosts over 40,000 extensions that add language support, debugging tools, themes, productivity features, and integrations with external services.
Each installed extension runs within the VS Code process with access to:
- Every file in your workspace (source code, configuration, credentials)
- Your terminal and the ability to execute commands
- Network access to arbitrary endpoints
- Environment variables including tokens and API keys
- VS Code settings and other extension data
- Git credentials and repository access
A malicious extension has everything it needs to exfiltrate source code, steal credentials, inject backdoors into your codebase, and establish persistence — all from inside the tool developers trust most.
Marketplace Security Model
Publisher Verification
The VS Code marketplace requires publishers to authenticate with a Microsoft or Azure DevOps account. Verified publishers display a blue checkmark, indicating that Microsoft has verified the publisher's identity.
However, identity verification does not equal security verification. A verified publisher can still publish malicious code. And unverified publishers can still publish extensions — they just lack the checkmark.
No Code Review
Microsoft does not review extension code before publication. There is no security audit, no automated malware analysis, and no human review of extension functionality. Extensions are scanned for basic policy violations (copyright infringement, malware signatures) but sophisticated malicious code can easily evade these checks.
This is in stark contrast to mobile app stores (Apple App Store, Google Play) which perform varying degrees of code review before publication.
Permission Model
VS Code does not have a granular permission model for extensions. An extension either runs or it does not. There is no way to grant a theme extension access to colors but deny it network access. There is no way to allow a language server to read files but prevent it from executing commands.
This all-or-nothing model means every extension installation is a full-trust decision.
Documented Attacks
Multiple security researchers have demonstrated the ease of publishing malicious VS Code extensions:
Typosquatting. Extensions with names similar to popular extensions have been published with malicious payloads. A developer searching for "Python" support might install a similarly-named extension that exfiltrates files.
Dependency hijacking. Extensions can include npm dependencies, inheriting the npm supply chain attack surface. A compromised transitive dependency in an extension affects every developer who installs it.
Update attacks. A legitimate extension that builds trust over time can push a malicious update. Since extensions auto-update by default, the malicious code deploys silently to all users.
Trojanized forks. Attackers fork popular open source extensions, add malicious functionality, and publish them under slightly different names. The extensions appear legitimate because the code is mostly identical to the trusted original.
Risk Assessment for Extensions
Before installing any extension, evaluate:
Publisher Reputation
- Is the publisher verified (blue checkmark)?
- How many extensions does the publisher maintain?
- Is the publisher a recognized organization or individual?
- How long has the publisher been active?
Extension Characteristics
- How many installations does the extension have?
- How many ratings, and are they predominantly positive?
- When was the last update?
- Is the source code available for review?
- Does the extension request capabilities beyond what its stated purpose requires?
Code Review
For extensions used in sensitive environments, review the source code:
- Check the activate function for suspicious behavior
- Look for network requests to unexpected endpoints
- Review npm dependencies for known vulnerable or suspicious packages
- Check for obfuscated code (which legitimate extensions rarely use)
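A first-pass triage for the review steps above, as an added example that is not part of the original article or any project's tooling. It reads the manifest and JavaScript of an unpacked extension and reports where a reviewer should look first. The expected-host list, finding labels and sample extension are constructed for illustration.

```python
import json
import re
from pathlib import Path

# Assumption: hosts the extension's documentation says it contacts.
EXPECTED_HOSTS = {"api.example-linter.dev"}
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")
RISKY_CALL = re.compile(
    r"\beval\s*\(|\bnew\s+Function\s*\(|require\(\s*['\"](?:node:)?child_process['\"]\s*\)")
# Bundled extensions are normally minified, so long lines alone prove nothing;
# runs of escape-encoded characters and _0x-style names are better signals.
OBFUSCATION = re.compile(r"(?:\\x[0-9a-fA-F]{2}){6,}|\b_0x[0-9a-fA-F]{4,}\b")

def load_extension(root):
    """Map relative path -> text for manifests and JS in an unpacked extension."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_text(errors="replace")
            for p in root.rglob("*")
            if p.is_file() and (p.name == "package.json" or p.suffix == ".js")}

def triage(files, expected_hosts=EXPECTED_HOSTS):
    """Return (path, finding) pairs that tell a reviewer where to look first."""
    findings = []
    manifest = json.loads(files["package.json"])
    if {"*", "onStartupFinished"} & set(manifest.get("activationEvents", [])):
        findings.append(("package.json", "activates-on-startup"))
    for dep in sorted(manifest.get("dependencies", {})):
        findings.append(("package.json", "dependency:" + dep))
    for path in sorted(p for p in files if p.endswith(".js")):
        text = files[path]
        for host in sorted(set(URL_HOST.findall(text)) - set(expected_hosts)):
            findings.append((path, "unexpected-host:" + host))
        if RISKY_CALL.search(text):
            findings.append((path, "process-exec-or-dynamic-code"))
        if OBFUSCATION.search(text):
            findings.append((path, "possible-obfuscation"))
    return findings

# Constructed sample, not a real extension.
SAMPLE = {
    "package.json": json.dumps({
        "name": "sample-theme", "publisher": "example", "main": "./extension.js",
        "activationEvents": ["*"], "dependencies": {"example-helper": "1.0.0"}}),
    "extension.js": (
        "const cp = require('child_process');\n"
        "function activate(c) { fetch('https://api.example-linter.dev/rules');\n"
        "  fetch('https://telemetry.example.net/collect'); }\n"
        "const k = '\\x68\\x65\\x6c\\x6c\\x6f\\x21';\n"),
}
```

Run `triage(load_extension(path))` against an installed extension's folder; each finding is a prompt for manual review, not a verdict.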
Hardening Strategies
Limit Extension Installation
Maintain an approved extension list for your organization. VS Code supports extension recommendation files (.vscode/extensions.json) in repositories and organizational policies that restrict extension installation.
Disable Auto-Update
Consider disabling automatic extension updates (extensions.autoUpdate: false) and reviewing updates manually before applying them. This prevents silent deployment of malicious updates.
Use Extension Profiles
VS Code supports profiles that can include different extension sets. Use minimal extension sets for sensitive work and more permissive sets for non-sensitive activities.
Network Monitoring
Monitor network traffic from VS Code processes. Extensions that make unexpected outbound connections to unknown servers warrant investigation.
Regular Audits
Periodically audit installed extensions across your development team. Remove extensions that are no longer needed, unmaintained, or from unverified publishers.
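The audit above combined with the approved list and the typosquatting check, as an added example that is not from the original article. It takes the output of `code --list-extensions --show-versions`, reports anything off the approved list, and flags IDs that closely resemble an approved one. The approved versions, the 0.85 similarity threshold and the sample inventory are constructed assumptions.

```python
import difflib

# Constructed allowlist: extension ID -> approved versions (assumption: the
# security team pins versions because auto-update is disabled).
APPROVED = {
    "ms-python.python": {"2024.2.1"},
    "dbaeumer.vscode-eslint": {"2.4.4"},
    "esbenp.prettier-vscode": {"10.1.0"},
}

# Constructed sample of `code --list-extensions --show-versions` output.
SAMPLE_INVENTORY = """\
ms-python.python@2024.2.1
dbaeumer.vscode-eslint@2.4.2
ms-pyhton.python@1.0.0
acme-tools.todo-highlighter@0.3.0
"""

def parse_inventory(text):
    """Yield (extension_id, version) from 'publisher.name@version' lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ext_id, _, version = line.rpartition("@")
        if not ext_id:              # line had no '@version' suffix
            ext_id, version = line, ""
        yield ext_id.lower(), version   # compare IDs case-insensitively

def nearest_approved(ext_id, threshold=0.85):
    """Return the approved ID this one closely resembles, or None."""
    score, best = max(
        (difflib.SequenceMatcher(None, ext_id, a).ratio(), a) for a in APPROVED)
    return best if score >= threshold else None

def audit(text):
    """Return (extension_id, finding, detail) for everything needing action."""
    findings = []
    for ext_id, version in parse_inventory(text):
        if ext_id in APPROVED:
            if version not in APPROVED[ext_id]:
                findings.append((ext_id, "unapproved-version", version))
            continue
        lookalike = nearest_approved(ext_id)
        if lookalike:
            findings.append((ext_id, "possible-typosquat", lookalike))
        else:
            findings.append((ext_id, "not-approved", version))
    return findings
```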
Organizational Policies
For organizations with security-sensitive codebases:
- Define an approved extension list maintained by the security team
- Block unapproved extension installation through VS Code settings management
- Include extension security in developer onboarding
- Monitor for newly installed extensions across the development fleet
- Establish a process for requesting new extension approvals
How Safeguard.sh Helps
VS Code extensions are part of your development supply chain. While Safeguard focuses on application dependencies rather than IDE extensions directly, the same principles apply: know what you are running, monitor for vulnerabilities, and enforce policies. Safeguard's SBOM generation catches vulnerabilities in the application dependencies that extensions help you write — ensuring that even if your IDE supply chain is imperfect, your application supply chain is monitored and secured.