【vsix Completeness】How can VSCode protect the .vsix from Maliciously replacement? #104288
Assignees
Labels
marketplace
Microsoft VS Code Marketplace issues
Comments
|
Seems to be a Marketplace question but assigning to you (@joaomoreno) if there are any insights from VSCE side. |
|
The Marketplace enforces authentication for publishing extensions, so the hacker would need access to the developer's credentails. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Steps to Reproduce:
Does this issue occur when all extensions are disabled?: Yes/No
Dear team:
Thank u let us engoyed a perfect tool.
I want to know something, about following publishing of .vsix:
https://code.visualstudio.com/api/working-with-extensions/publishing-extension
Question: How can our VS Code Extension Marketplace avoid following case happen?
Case 1: developer 1 published ExtensionA but hacker replaced his 'ExtensionA' with a 'Fake ExtensionA'? And other developments downlaod a 'ExtensionA' but infact it is made by hacker, instead of developer 1 .
Further more, it is possible that we can learn more about VSCode Extension Marketplace security detail.
Thanks.
The text was updated successfully, but these errors were encountered: