They are now evading the ban by rebranding the extension to "Fanny Theme": https://marketplace.visualstudio.com/items?itemName=fanny.vs...
Thank you. We will security audit this extension today and take action if needed.
Readit Newsisidorn commented on Material Theme has been pulled from VS Code's marketplace github.com/material-theme... · Posted by u/Inityx
isidorn commented on Material Theme has been pulled from VS Code's marketplace github.com/material-theme... · Posted by u/Inityx
Letting you know that VSCode is unable to uninstall the extension. It prompts me to uninstall, but when I confirm the window refreshes and the extension is still there, triggering the same "is problematic" prompt. This is an infinite loop. Same behavior when trying to uninstall the usual way from the extensions panel.
I had to manually delete the extension's folder in %USERPROFILE%\.vscode\extensions and delete the entry from the json (%USERPROFILE%\.vscode\extensions\extensions.json).
VSCode 1.97.2, commit e54c774e0add60467559eb0d1e229c6452cf8447
Thank you for letting us know. We are investigating.
isidorn commented on Material Theme has been pulled from VS Code's marketplace github.com/material-theme... · Posted by u/Inityx
You might need to chase down reuploads, too.
https://marketplace.visualstudio.com/items?itemName=t3dotgg....
Thanks. Our security researchers will review this today and we might take it down.
We reached out to the new author and he does not have malicious intent, and agreed that we just take down the new extension if we see something is off.
isidorn commented on Material Theme has been pulled from VS Code's marketplace github.com/material-theme... · Posted by u/Inityx
Just to be clear, which publisher was banned? Maybe I'm being stupid (it's late here) but I'm struggling to track the various parties involved.
Anyway, thank you for the update.
The publisher Equinusocio was banned.
isidorn commented on Material Theme has been pulled from VS Code's marketplace github.com/material-theme... · Posted by u/Inityx
The issue to which op links now yields 404. What's up with that?
I am in European time and I do not know what happened on that post (since I was sleeping). I assume it were some heated arguments between maintainer and community about license/copyrights/open source maintenance.
isidorn commented on Material Theme has been pulled from VS Code's marketplace github.com/material-theme... · Posted by u/Inityx
Will Microsoft consider adding a permission model for extensions?
This is tracked in this feature request https://github.com/microsoft/vscode/issues/52116
We do not plan to add a permission model in the next 6 months.
isidorn commented on Material Theme has been pulled from VS Code's marketplace github.com/material-theme... · Posted by u/Inityx
Can you please clarify whether the fork also suffers from the same security issues (or engage the fork's owner to ensure that it doesn't https://github.com/t3dotgg/vsc-material-but-i-wont-sue-you)
Thanks for flagging it. Our security researchers will analize it and based on their findings we might remove this one as well.
isidorn commented on Material Theme has been pulled from VS Code's marketplace github.com/material-theme... · Posted by u/Inityx
Hi - Isidor here from the VS Code team.
A member of the community did a deep security analysis of the extension and found multiple red flags that indicate malicious intent and reported this to us. Our security researchers at Microsoft confirmed this claims and found additional suspicious code.
We banned the publisher from the VS Marketplace and removed all of their extensions and uninstalled from all VS Code instances that have this extension running. For clarity - the removal had nothing to do about copyright/licenses, only about potential malicious intent.
Expect an announcement here with more details soon https://github.com/microsoft/vsmarketplace/
As a reminder, the VS Marketplace continuously invests in security. And more about extension runtime trust can be found in this article https://code.visualstudio.com/docs/editor/extension-runtime-...
Thank you!
isidorn commented on GitHub Copilot: The Agent Awakens github.blog/news-insights... · Posted by u/meetpateltech
Same here
Sorry about that. Can you switch to copilot chat pre-release extension. Should be a big button "switch to pre-release".
We are tracking this issue here https://github.com/microsoft/vscode/issues/239836