
VS Code
Microsoft's free code editor; target of GlassWorm's OpenVSX extension supply-chain attack.
Last refreshed: 8 May 2026 · Appears in 1 active topic
Timeline for VS Code
Provided the extension runtime that executed the malicious payload with developer privileges
Cybersecurity: Threats and Defences: GitHub's own code cloned via add-onUNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishing
Cybersecurity: Threats and DefencesWhat is Open VSX and how is it different from the VS Code Marketplace?
What was the GlassWorm VS Code extension attack?
Are VS Code extensions safe to install?
Background
Visual Studio Code (VS Code) is a free, open-source code editor developed by Microsoft, first released in 2015. It has become the dominant development environment globally, with over 70% market share among professional developers according to the 2024 Stack Overflow Developer Survey. VS Code supports extensions — plugins that ADD language support, debuggers, linters, and other tooling — distributed through Microsoft's Visual Studio Marketplace. The editor is built on the Electron framework and runs on Windows, macOS, and Linux.
A parallel extension marketplace, Open VSX Registry (openvsix.org), was created by the Eclipse Foundation for non-Microsoft distributions of VS Code and VS Code-compatible editors (VSCodium, Gitpod, Eclipse Che, Theia) that cannot legally access the proprietary Microsoft Marketplace. Open VSX mirrors many popular extensions and also hosts extensions not available on Microsoft's platform.
In U#3, the threat actor GlassWorm conducted a supply-chain attack against the Open VSX Registry, hijacking 73 published extensions by compromising maintainer accounts via phishing . The malicious versions deployed the WAVESHAPER.V2 backdoor via a dependency on a malicious npm package called `plain-crypto-js`. The attack affected developers using VS Code-compatible editors that pull from Open VSX — including corporate and government environments running VSCodium on hardened Linux workstations — rather than users of the Microsoft Marketplace.