Motivations
- As you stated here, there was nothing CONFIRMED to be harmful in our previous version of Material Theme (which has since been completely rewritten) at the time you published the official communication to the whole web (Reddit, HackerNews, GitHub). Despite this, you took down 6 extensions (but mentioned only Material Theme Icons), banned my entire account, and caused disruptions for millions of users—including introducing real problems (which you admitted responsibility for on HackerNews — image proof).
  - Your official statement:
- This decision destroyed 10 years of reputation and trust, all based on unfounded SUSPICIONS regarding obfuscated code—something you dislike, even though there was no evidence of harm. The only issue was an outdated sanity.io dependency within the obfuscated code, which could have been fixed in 30 seconds.
- You not only banned my entire account but also blocked my email, preventing me from contacting you in any way. There was no official channel provided to appeal or even discuss this matter. You never reached out for clarification (neither pre-ban nor post-ban) — unlike in other cases where you contacted fork authors after our ban — nor did you request that we deobfuscate the code or access the source code. I never received any notification about the ban—I only found out when a friend shared a Hacker News post with me, hours later.
- You acted differently depending on the interlocutor. As you stated here, you reached out to other "authors" AFTER the ban and both agreed that they had no malicious intent. Yet, when it came to me, you decided I had malicious intent (despite the code being identical, but you saw it obfuscated) — without ever reaching out to me, either before or after the ban, without any confirmation or proof.
Dark behavior and debatable actions
All forks created when our extension was open-source contained the exact same so-called "compromised" code—just without obfuscation. Yet, instead of taking them down, you reached out to them after our ban as stated by an individual called Theo (image proof), giving them time to update their versions while our extension was removed entirely.
For example, one of the many cloned extensions—created by this 🤡 Youtuber called Theo —contained the so-called "suspected code" right up until the ban. Yet, unlike Material Theme, they were given time to clean it up. After some minutes, they removed all the "suspected code".
Even more concerning, any user who installed version <35.0.0 of that fork – before the cleanup – and hasn't updated is still using that so-defined "compromised" version and dependency — yet the extension remains publicly available. Why the double standard?
Furthermore, there is NOTHING in the marketplace terms prohibiting closed-source or obfuscated code. If obfuscation was a concern, we could have easily removed it upon request.
Involvement with Other Fork Authors
Within just a few hours, you—as a VS Code team member, and by extension, Microsoft—were already promoting the very fork that you gave time to fix and remove the so-called "suspicious code". Code which is still PUBLISHED and used by users prior to v35 (read above).

This raises serious concerns about bias and suggests either a deliberate attempt to undermine our credibility or, at the very least, a clear lack of professionalism from your team.
Persistent Unfair Treatment
We attempted to release a new version of our extension under a new name (the rename was planned) and a new publisher (vira-theme). Even though this version was completely rewritten from scratch, with no dependencies or runtime code related to your previous concerns, you repeatedly took it down without any public explanation or direct communication with us, and just based on random comments on Reddit. The only apparent reason for this action seems to be the presence of obfuscated code—implying that obfuscation alone is enough to classify an extension as malicious.


Additional discriminatory actions
@isidorn (PoemBusiness6939 on Reddit), as Microsoft's official voice, publicly accused a random individual of impersonating me, solely based on the fact that they were criticizing Microsoft's actions.

This is not only false and baseless but also discriminatory.
This behavior sends a troubling message to the community: that decisions are being made based on unfounded suspicions, rather than proper investigation. This has nothing to do with security.
Community feedback and false positive
Additionally, there are clear signs of a false positive report from your community, yet no effort was made to verify this before taking irreversible action.
From this repo




Requests
If your review of MY SOURCE CODE confirms that there is nothing malicious, I formally request the full restoration of our publisher accounts (Equinusocio and vira-theme), all related extensions, and user access to the theme. Additionally, all installations and insights should be reinstated.
I also request a public apology from the team (and @isidorn the person who started this panic-oriented campaign) and the removal of all misleading, panic-inducing information shared on Hacker News and other official channels even before real investigation or CONFIRMED malicious code, and before any official statement. Even if malicious intent were proven, there was absolutely no justification for giving other forks time to remove the violated dependencies while immediately taking down Material Theme based on false claims—without any prior investigation.
Conclusion
As for the VS Code team — and by extension, @microsoftopensource — the entire team, and particularly @isidorn, publicly accused me of criminal activity by spreading false and unverified information.
This is defamatory and illegal under multiple legal frameworks, as it constitutes false accusation, reputational damage, and libel. Publicly accusing someone of criminal activities — such as intentionally distributing viruses or malicious code — without evidence is a serious offense. This is especially true when the accusation comes from a major corporation with significant influence, as it can cause severe reputational and professional harm. Such actions can have real-world consequences, including professional and personal harm.
I will also reach out to Microsoft to resolve this matter and pursue the appropriate action.
March 2, 2025 (4 days after the "malicious intent" statement): They still haven’t reached out to me.

Yet another example of the VS Code team's unprofessionalism and their questionable involvement with this individual named Theo. This confirms what was stated earlier: they removed my other account with a completely new extension (Vira Theme), without even bothering to review it. This goes far beyond "security" concerns.
Willing to collaborate
I am willing to grant the vscode team access to review, for real this time, the source code.
I've opened the code so everyone, and not only the vscode team or controversial startups, can see and perform their analysis. I am also open to discussing the obfuscated code and the reasoning behind this decision to reach a fair resolution and provide you the new .vsix file to restore on the marketplace in place of the old "harmful" version of the extension.
Source code of release-notes.ts (the subject file)
Deobfuscated compiled release-notes.js (the subject file)
Obfuscated release-notes.ts (the subject file)
It takes just 30 seconds to see that there is no direct correlation between the build code and the source code. There is a potential issue that lies in how code is compiled that pulls in the @sanity.io/client dependency inside the output build, with or without obfuscation.
What kind of "person with malicious intent" openly shows their face and actively collaborates?
March 3, 2025 (4 days after the "malicious intent" statement): They still haven’t reached out to me.
I bet no one—myself included—initially realized that the "suspicious" extension appears to be only Material Theme Icons, meaning some of the previous statements are partially inaccurate.
That said, as part of my supposed "malicious intent," I have also opened the source code of that extension so that anyone can analyze it directly, rather than relying on speculation based on obfuscated code. I don't care about this anymore, my conscience is clear, who knows if this also applies to others.