A VS Code extension that auto-blocks and removes extensions listed in the VSXSentry malicious & risky feeds.
Source code: github.com/vsxsentry/vsxsentry-guard
On the VSCode Marketplace https://marketplace.visualstudio.com/items?itemName=mthcht.vsxsentry-guard
- Malicious feed - enforced silently. Every installed extension whose ID matches
the feed is uninstalled (or disabled / warned, per
vsxSentry.action) on every check, regardless of severity or category. No prompt. - Risky feed - opt-in (
vsxSentry.risky.enabled: true). When enabled, matched extensions go through a QuickPick review where you can uncheck any you want to keep (e.g. you actually use Copilot or Remote-SSH). Kept IDs are remembered so you aren't re-prompted.
| Feed | Entries | Severities | Categories |
|---|---|---|---|
| malicious | 1,265 | critical 469, high 661, medium 120, low 15 | malware, impersonation, untrustworthy, spam, copyright-violation, owner-request, impersonation-malware, spam-malware |
| risky | 72 | high 14, medium 51, low 7 | high = Roo Code, Cline, Code Runner, Live Share, Remote-SSH, ngrok, Tailscale, Vault, etc. medium = Copilot, Tabnine, Continue, AWS Toolkit, Docker, Kubernetes, etc. |
The extension also writes blocked IDs into extensions.allowed so VS Code's own
install gate refuses future installs - using the documented { "*": true, "id": false }
blocklist pattern, and merging safely with any existing user config.
VSXSentry Guard applies two layers of protection:
- Block at install time. Every malicious extension ID from the feed is written
to your
extensions.allowedsetting using the{ "*": true, "id": false }pattern. VS Code's own install gate then refuses to install any of those IDs - this is real prevention, enforced by VS Code itself. Already-installed matches are also disabled by VS Code as soon as the setting is written. - Detect and uninstall at runtime. On every check (startup, on-demand, every
N hours, and on the
extensions.onDidChangeevent), the extension walks every installed extension and uninstalls any that match the feed.
The two layers cover each other: the settings write prevents new installs even when the extension isn't running, and the runtime check catches anything that slipped in between feed updates.
- Brand-new threats not yet in the feed are not blocked until the feed is updated and the extension re-checks (default: every 6 hours, configurable). For freshly-listed malware, there's a window between the feed update and your next check where a manual install could succeed; the extension will then uninstall it on the next check.
- If
extensions.allowedis managed by a system policy (Group Policy on Windows,.mobileconfigon macOS,/etc/vscode/policy.jsonon Linux), the policy is authoritative and the extension won't try to write to the setting. The runtime detect-and-uninstall still works. - VS Code 1.96 is required for the install-time block (when
extensions.allowedwas added). On older versions, only the runtime detect-and-uninstall layer is active.
| Setting | Default | Notes |
|---|---|---|
vsxSentry.malicious.feedUrl |
VSXSentry malicious CSV | |
vsxSentry.risky.enabled |
false |
Opt-in for risky feed |
vsxSentry.risky.feedUrl |
VSXSentry risky CSV | |
vsxSentry.risky.severities |
["high"] |
Subset of high, medium, low |
vsxSentry.risky.categories |
["*"] |
e.g. ["risky-tunnel", "risky-remote-access"] |
vsxSentry.action |
"remove" |
remove / disable / warn |
vsxSentry.applyToAllowedSetting |
true |
Write to extensions.allowed |
vsxSentry.updateIntervalHours |
6 |
Background re-check interval |
vsxSentry.notifyOnNewEntries |
true |
Toast when feed grows |
- VSXSentry: Check feeds now - manual run
- VSXSentry: Review pending entries - same; surfaces the risky QuickPick
- VSXSentry: Show last report - webview with removed / kept / failed entries
- VSXSentry: Clear user overrides - forget which risky extensions you chose to keep
npm install
npm run compileThen F5 in VS Code (Extension Development Host) to run.