Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry.
"The pipeline had a single boolean return value that meant both 'no scanners are configured' and 'all scanners failed to run,'" Koi



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/03/open-vsx-bug-let-malicious-vs-code.html