All activity
Hundreds of malicious extensions are released on the VSCode Marketplace. VSCan analyzes these extensions to determine if they are malicious or vulnerable. Powered by LLMs, ASTs, and static analysis, it has already found hundreds of compromised extensions.
VSCanDetect Malicious VSCode Extensions with AI
Ishaan Agrawalleft a comment
Did you know that VSCode extensions run with full access to your system—including file system, network, and credentials? Worse, dozens of malicious extensions have already made it into the marketplace, silently compromising devices. I am a security researcher and student developer who ran into this problem myself. To help tackle this, I built a 100% free tool (no login required) that scans...
VSCanDetect Malicious VSCode Extensions with AI