Comments (396)
- wvh: I've been telling less computer literate folks not to install random stuff since the nineties, and I can't understand how many devs are doing just that these days. I used to work in security auditing, and it makes me feel pretty jaded to think of the gigabytes upon gigabytes of random stuff that just gets pulled in from everywhere in IDEs, package managers, build pipelines and container images. At least back then there was still a chance to read a significant part of the code and find problems before they found you.
- jakemm: There is a Feature request from 2018 that I have been following for a long time to ask for VSCode Sandbox. I do not understand how Microsoft is not putting it up in priority. https://github.com/microsoft/vscode/issues/52116
- camkego: The security model, or almost lack of any whatsoever in VSCode drove me to only install MSFT extensions, then use Code Server in a docker container, but I decided I didn’t like using my editor in a browser. Finally I have decided to start using Zed, which isn’t perfect on the security front, but much better IMHO. The combination of WASM extensions, and the ability to put language servers, etc, in dev-containers seems like a great step forward. I hope Zed continues to improve their extension and language server security model. Actually I hope VSCode does too, but honestly, I am not optimistic.
- luodaint: Your extensions in VSCode have ambient access to your filesystem, your tokens, and your environment. The servers of tools like Claude Code or Cursor have that ambient access too. This was justified for Nx Console's purposes. This is justified in a coding agent's filesystem MCP. The exact same trust model: install it, it runs, you trust its scope implicitly. What I ended up changing after contemplating this matter: all my MCP servers are scripts from my repository and not npm packages. All the information about the scopes these servers can use is contained explicitly in my context file (certain directories, certain tools). There's nothing untrusted reaching my filesystem/tokens. There's the same supply chain problem in VSCode extensions as there is with the MCP servers. Very few companies that audit their extensions started auditing their MCP servers.
- felooboolooomba: In addition, we need a fundamental change in OS security. It's not OK that every application you run has access to all your files and unfiltered internet access by default.
- poelzi: Working hard on the github killer. Fully decentralized with nearly unbreakable release system. Multiple parties need to produce the same artifacts in the release workflow. IKA then signs the release on the network side, you sign your release using hardware token. Release pipeline analysis source code for malware on the complete dependency chain. Rust + Nix + SUI + WALRUS + SEAL + IKA - a complete decentralized economy. A few more weeks until testnet :)
- notnullorvoid: I really hope this pushes Microsoft to add an explicit permission system to VS Code extensions, and improve security of dev containers.
- dang: Previous thread in sequence: GitHub is investigating unauthorized access to their internal repositories - https://news.ycombinator.com/item?id=48201316 - May 2026 (321 comments)
- mcoliver: Vs code extensions have been terrifying for a long time. Such a wild and obvious attack vector. I'm constantly getting pop ups in vscode to install an extension because it recognizes a certain file type. It's 50-50 whether that extension is owned by a company or some random dev. Some of these have millions of installs and on first glance appear to be official company owned extensions. I'm at a point in my life where I only installed official company owned extensions and even that is hard to be sure I'm not getting suckered. Sad state.
- urbandw311er: I wonder if this was the compromised nx console extension that bit me yesterday. The timing seems identical. See https://github.com/nrwl/nx-console/security/advisories/GHSA-...
- codedokode: Note that VS Code is built on Electron and it is a pain to sandbox because Electron has (had?) SUID sandbox helper, and you cannot run SUID binaries in sandbox easily. Sandboxing on Linux is extremely difficult task.
- freakynit: Updated: Catalog of all major npm/nodejs ecosystem attacks since May 2025-2026: https://npm-supply-chain-attacks-25-26.pagey.site/ All used techniques and mitigation strategies, including this one: https://npm-supply-chain-attack-techniques.pagey.site/
- tekacs: Maybe I'm missing something really obvious, but... 3,800 repos? I guess I find it kind of surprising they have that many!
- furyman: I was using Intellij until start of last year and then my organisation started pushing towards vibe coding. To my wonder, the models selection option is not available in Intellij but available only in VSCode. The whole UI is mess and so scattered. It's a nightmare if you're coming from intellij. Plus on the verge of security violation on behalf of any extension you would just want to try on.
- danpalmer: Why does a company in GitHub's place allow employees to install random VSCode extensions?! That seems grossly irresponsible.
- QuantumNoodle: I'm more surprised hackers found a large enough uptime window to do this.
- cdrnsf: That's one way to make things open source.
- lexybarton: Pinning version and auditing updates might solve the problem of benign products going rogue... Can't we crowdsource, or otherwise curate the products.... I mean they (App Store, Play Store, Visual Studio Market Place, Microsoft Store,...) just don't seem to be much useful in this matter.
- delduca: Zed extensions are sandboxed with restricted permissions btw…
- fg137: The (lack of) security of VSCode has always been astounding. People have asked for sandboxing extensions for years [0] with little to no progress, and issues have been discussed a lot (e.g. [1][2]). I guess it hasn't been a big issue, likely because most developers are not complete idiots. But it only takes one developer and one bad extension to consequences like this. I mean, I understand that it is hard to sandbox Node.js applications, but apparently Microsoft has put way more effort into their Copilot slop than security.
  [0] https://github.com/microsoft/vscode/issues/52116
  [1] https://news.ycombinator.com/item?id=42979994
  [2] https://news.ycombinator.com/item?id=46855527
- 1970-01-01: But, it did not go down! Progress!
- gizzlon: Interesting, this went Tanstack -> Nx Console -> GitHub. I wonder how many other secrets and tokens have been stolen, just waiting to be abused to publish a malicious version of.. something. IMO, the problem is [1] that actually rotating all secrets just because you might have installed a compromised package is a huuge PITA. So it's tempting to take it lightly and hope for the best. And even if you really try, it's easy to miss one.
  1: in addition to "running code from wherever" with little sandboxing
- cdnsteve: So basically we are now waiting for a wave of massive new exploits coming via GitHub itself. Lovely
- pamcake: At what point did/does it start feeling naive to trust the integrity and output of Github Actions in general? Does it feel unlikely that an attacker would be able to get a foothold in that infrastructure?
- dotwaffle: I'd have thought that by now, most would have been swapping to WebAssembly. It's really nicely sandboxed, you expose it to only what you want, and you can compile a lot of languages into a WASM form meaning you're not stuck with only Javascript or similar. Am I naive for thinking that?
- schpet: i'd love to be able to use fine grained tokens with gh and not expose every repo and org that i am connected to on github, but you can't see the results of a github actions check that way (no 'Checks' permission available). hoping these breaches push things in the direction of access being less annoying to manage.
- buio: hmm I created my project based on malicious browser extensions. But I am starting to think that I should make it more broad and look at VSCode extensions too. I keep reading about vscode extensions going malicious and I feel the same way as I did when I was reading (and still am) about all the malicious browser extensions. I don't understand the lack of security around "extensions" in all sectors..
- bfivyvysj: Why is the extension not being named?
- vldszn: “Nx Console VS Code extension was the initial access vector in the GitHub breach” Source: https://news.ycombinator.com/item?id=48216614
- zkmon: I ditched VSCode for Sublime Text long back and don't feel missing anything. If any, my productivity and control over things has only improved.
- ulimn: I'm surprised that we have a lot of comments but still no alternative which would be secure by design. Meaning, not downloading stuff shadily in the background like Zed, or allowing extensions to roam free like VSCode...
- psadauskas: If only the company behind VSCode, the company behind NPM and the company behind GitHub could get together and figure out a solution to this.
- innoying: If you own a GitHub organization and are looking for what changes/controls you can apply to reduce the risk/impact of PAT token exfiltration (and subsequent abuse) like what occurred here, I listed a few at the end of https://blog.bored.engineer/github-canarytokens-5c9e36ad7ecf...
  - Enable audit log streaming[1] on your enterprise including source IPs and API requests, even if it’s just going to an S3 bucket nobody looks at it, your incident response team will thank you later.
  - Enforce the use of SSO on your GitHub organization[2], not just because SSO is good but because it forces an explicit authorization action[3] by users to grant an SSH key/PAT access to your organization resources, instead of granting access implicitly. That way the PAT created for someone’s weekend project won’t have access to your organization resources.
  - Enforce an IP allowlist[4] for your organization from a set of known trusted VPN/corporate IPs. This is by-far the strongest control (and the most painful to rollout) as it will prevent stolen credentials (even if still valid) from being used by an attacker except on the intended systems where you (hopefully) have other visibility/alerting via EDR or related tooling.
  - If you can, restrict access from personal access tokens[5] to your organization resources. Blocking classic PATs and enforcing a maximum expiration (ex: 3 months) on fine-grained PATs is a great way to reduce risk if you can’t eliminate PATs altogether[6].
  - If you use GitHub enterprise (on-prem), configure collection of the raw HTTP access logs[7] in addition to native GitHub audit logs, it may prove critical during incident response.

  [1]: https://docs.github.com/en/enterprise-cloud@latest/admin/mon...
  [2]: https://docs.github.com/en/enterprise-cloud@latest/authentic...
  [3]: https://docs.github.com/en/enterprise-cloud@latest/authentic...
  [4]: https://docs.github.com/en/enterprise-cloud@latest/organizat...
  [5]: https://docs.github.com/en/enterprise-cloud@latest/organizat...
  [6]: https://edu.chainguard.dev/open-source/octo-sts/overview/
  [7]: https://docs.github.com/en/enterprise-server@3.16/admin/moni...
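
Added example, not part of innoying's comment and not GitHub tooling: once audit log streaming with source IPs is on, the streamed events can be checked against the same trusted ranges an IP allowlist would enforce, which shows where tokens are already being used from elsewhere before the allowlist is rolled out. The field names (`actor_ip`, `programmatic_access_type`, `hashed_token`, `repo`) are assumptions about the streamed event schema to verify against your own stream; the events and CIDR ranges are constructed samples.

```python
import ipaddress
import json

# Constructed sample: trusted VPN/corporate egress ranges (documentation address space).
TRUSTED_CIDRS = ["192.0.2.0/24", "2001:db8:10::/48"]

# Constructed sample events, one JSON object per line. Field names are assumed.
SAMPLE_STREAM = """
{"action": "git.clone", "actor": "alice", "actor_ip": "192.0.2.17", "programmatic_access_type": "Fine-grained personal access token", "hashed_token": "tokA", "repo": "acme/api"}
{"action": "git.clone", "actor": "bob", "actor_ip": "203.0.113.50", "programmatic_access_type": "Personal access token (classic)", "hashed_token": "tokB", "repo": "acme/infra"}
{"action": "git.clone", "actor": "bob", "actor_ip": "203.0.113.50", "programmatic_access_type": "Personal access token (classic)", "hashed_token": "tokB", "repo": "acme/billing"}
{"action": "repo.access", "actor": "carol", "actor_ip": "198.51.100.9", "repo": "acme/api"}
{"action": "git.fetch", "actor": "bob", "actor_ip": "2001:db8:10::5", "programmatic_access_type": "Personal access token (classic)", "hashed_token": "tokB", "repo": "acme/infra"}
truncated-line-that-is-not-json
{"action": "git.clone", "actor": "dave", "programmatic_access_type": "Fine-grained personal access token", "hashed_token": "tokD", "repo": "acme/web"}
"""

def load_networks(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def is_trusted(ip_text, networks):
    """True only if ip_text parses and falls inside one of the trusted networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # a missing or malformed source IP is never trusted
    return any(ip.version == net.version and ip in net for net in networks)

def find_untrusted_token_use(stream_text, cidrs):
    """Group token-authenticated events from outside the trusted ranges by token hash."""
    networks = load_networks(cidrs)
    by_token = {}
    for line in stream_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines rather than abort the scan
        if not isinstance(event, dict):
            continue
        access = event.get("programmatic_access_type")
        ip = event.get("actor_ip") or "unknown"
        if not access or is_trusted(ip, networks):
            continue  # interactive session, or a token used from a trusted range
        hit = by_token.setdefault(event.get("hashed_token", "unknown"), {
            "actor": event.get("actor"), "ips": set(), "repos": set(),
            "classic_pat": False, "events": 0})
        hit["ips"].add(ip)
        hit["repos"].add(event.get("repo", "unknown"))
        hit["classic_pat"] |= "classic" in access.lower()
        hit["events"] += 1
    report = [{"token": t, **h, "ips": sorted(h["ips"]), "repos": sorted(h["repos"])}
              for t, h in by_token.items()]
    return sorted(report, key=lambda r: -r["events"])
```

Events with no source IP are reported rather than dropped, since a stream configured without IP disclosure would otherwise make every token look clean.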
- eneveu: When installing IntelliJ IDEA extensions, I download the code and try to check it for malicious stuff using Claude Code... But not perfect since the code might not match what was released. We would need reproducible builds... I was also toying with comparing timestamps of git tags / GitHub releases / GitHub actions / plugin update timestamps as one indicator of potential tampering. But not ideal.
- prodigycorp: Someone scold me if I'm wrong but this is really worrying. Threat actors with Github's internal code means a huge acceleration in vulnerability discovery for the one platform where everybody warehouses their code. How is this not really, really bad?
- nullbio: This is why I uninstalled 90% of my VSCode extensions last year. The writing is/was on the wall.
- shandilyaharsh: shouldn't anthropic give mythos access to github, prolly the most insecure piece of software while also being the most important one
- vldszn: friendly reminder:
  - disable auto-updates for extensions in VS Code/Cursor
  - use static analysis for GitHub Actions to catch security issues in pre-commit hook and on ci: https://github.com/zizmorcore/zizmor
  - set locally: pnpm config set minimum-release-age 4320 # 3 days in minutes https://pnpm.io/supply-chain-security
  - for other package managers check: https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e...
  - add Socket Free Firewall when installing npm packages on CI to catch malware https://docs.socket.dev/docs/socket-firewall-free#github-act...
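
Added example, not part of vldszn's comment and not pnpm's implementation: a simplified sketch of what a minimum release age of 4320 minutes does when a resolver picks a version, so a release published hours ago is held back in favour of the newest one that has aged past the cutoff. The `time` map mirrors the shape of npm registry metadata; the versions and timestamps are constructed, and `pick_version` is a hypothetical helper.

```python
from datetime import datetime, timedelta, timezone

MINIMUM_RELEASE_AGE_MINUTES = 4320  # value from the comment above: 3 days

# Constructed sample shaped like the "time" map in npm registry package metadata.
SAMPLE_TIMES = {
    "created": "2024-01-10T09:00:00.000Z",
    "modified": "2025-06-15T08:05:00.000Z",
    "4.1.0": "2025-03-02T12:00:00.000Z",
    "4.2.0": "2025-06-10T10:30:00.000Z",
    "4.2.1": "2025-06-15T08:00:00.000Z",
    "5.0.0-beta.1": "2025-04-01T00:00:00.000Z",
}

def parse_time(text):
    """Parse the registry's UTC timestamp format into an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def version_key(version):
    """Sort key for plain MAJOR.MINOR.PATCH versions (prereleases are filtered out earlier)."""
    return tuple(int(part) for part in version.split("."))

def pick_version(times, now, min_age_minutes=MINIMUM_RELEASE_AGE_MINUTES):
    """Return (newest version old enough to install, versions held back as too new)."""
    cutoff = now - timedelta(minutes=min_age_minutes)
    eligible, held_back = [], []
    for version, published in times.items():
        if version in ("created", "modified") or "-" in version:
            continue  # bookkeeping keys and prereleases are not install candidates
        bucket = eligible if parse_time(published) <= cutoff else held_back
        bucket.append(version)
    eligible.sort(key=version_key)
    held_back.sort(key=version_key)
    return (eligible[-1] if eligible else None), held_back
```

The held-back list is worth logging in CI: a version that appears there and is later unpublished or flagged is exactly the case the delay exists for.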
- huey77: The forum listing for the stolen source code (per the screenshot in article) says 1 buyer or they leak for free. Is GitHub about to become open source?
- elAhmo: Insane to think GH has at least 3800 internal repos.
- gus_: so how did they exfiltrate the information without noticing? what OS was the developer using? what security measures were they using? yesterday discussion https://news.ycombinator.com/item?id=48191680
- zx8080: > "Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately,"
  So great that they removed the extension! Do they do it only after their own employee was infected? And why "unnamed" extension?
- lxxpxlxxxx: Is there any way to know if my repos were affected?
- purpleidea: What's inside the canada.tar.gz one?
- 2OEH8eoCRo0: So which extension? Why don't they tell us?
- monster_truck: Where's the torrent
- neya: This has significant consequences for companies hosting their private repos with GitHub. It's a huge security threat if the attacker has access to the source code. At the very least, GitHub should let people know if their repo was part of the hack or not. It's the most responsible thing to do.
- BatteryMountain: The chickens are coming home to roost across the industry. The next 5 years ALL technical debt will have to be repaid or you all will be eaten alive. Good luck all.
- classified: > "Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. ..."
  Am I blind or did they never say which extension that was?
- otikik: So I have been thinking about this for a while - if your product has "plugins" there's only two ways forward:
  * There's a line of "blessed plugins" that your own company supports, maintains and guarantees, and everything else is considered "not trusted" or
  * Plugins have explicit permissions - like phone apps do. "This plugin can make external calls/write to the filesystem inside a dedicated folder/read and set cookies". And then you are in charge of enforcing that with the strongest sandbox you can make.

  Plugin ecosystems without these rules are just the wild west.
- KnuthIsGod: Each day NeoVim / LazyVim sounds better to me...
- Uptrenda: What are the take aways from this? Should we avoid extensions now? Only install extensions from who you trust? What about if they get owned and you have auto-update extensions on as most people do?
- fhn: Good. They are eating their own dog food
- shevy-java: Microsoft is slowly killing GitHub the moment it became known as the Microslop company. Those incident reports have really amplified in the last few months.
- LeoPanthera: Has there been any confirmation of this from a source other than X? It's weird that that's the only source, and therefore makes me distrust the entire story.
- BrunoBernardino: Curious timing that I've started moving private repos to SourceHut a couple of weeks ago. It's pretty good and fast! I'm also mirroring public ones to Codeberg. I'll write about it when I'm done.
- jack-pissy: some of the repos that were listed by these hackers (summarized by LLM):
  - Funny / Odd Names: old-man-yells-at, extremely-verbose-application, mildly-sentient-scripts, awful-git-machine, awful-archive-machine, slop-trap, yaktriage, yakety-yak, what-in-the-shell, gh-hell, amen, afk, beer, coffee
  - Octo-Themed: octoqueer, octogatos, octokeg, octopets-prototype, octoquarium, octodex, force-directed-octocat
  - Animal / Random Names: kittens, Cats-of-GitHub, accesscats-and-friends, adacats-and-friends, suave-capybaras, nifty-armadillos, cuddly-broccoli, torched-marshmallows
  - AI / Experimental: reflect-gpt, reflect-gpt-reloaded, experimental-copilot-server, agentic-memory-playground, codeml-autofix, copilot-mission-control, llm-assist, snippet-gpt, meeting-summarizer
  - Internal Culture / Tools: no-meeting-friday-reminder, engineering-deadlines, engineering-operations-playground, forced-deploys, four-nines-alerts, incident-responder, oncall-issue-creator, alert-routing-verifier, dependency-audit, availability-risk-register
  - Misc / Interesting: the-after-party, pong, gameoff, github-games, caption-this, haikus-for-codespaces, this-day-in-github-history
- aizk: And now, the hackers will be able to scan the repos for more vulnerabilities. Vulnerabilities all the way down.
- kittikitti: If I'm using more than 5 extensions for a lightweight client like VSCode, I consider whether a full IDE is more appropriate since they have the functionality built in. The same features but from 3rd party extensions introduces more attack vectors.
- CivBase: My company has extremely strict policies about installing software. We have to call up IT any time we want an application installed. As an engineer it's very annoying to deal with, but I understand it. Problem is they have no policy about extensions and npm/pip packages. It's a time bomb waiting to go off.
- josefritzishere: Is it premature to blame AI Microslop?
- sunshine-o: Isn't 50k a bargain for what could potentially be in those files? Maybe they looked it up and there wasn't anything interesting but then why take the risk for this kind of money? Something doesn't make sense.
- Pxtl:
  Microsoft: "you shouldn't run untrusted code, here's a mess of ugly dialogs for people to click through if they try."
  Me: "Okay, I'd like to make signed trusted code, how do I do that?"
  Microsoft: "don't worry, we have the most expensive and tedious signing process in the industry."
  Me: "okay, will users be properly protected from malicious code then?"
  Microsoft: "Nope!"
- dude250711: A good day not to be using Electronjs trash.
- xyzal: Sigh. I guess there isn't any "min-release-age" for extensions ...
- jmclnx: Another day another issue with Microsoft products, what else can be said :( At least they are being upfront these days.
- efilife: What was the extension what the fuck? No mention of the name anywhere?
- thrawa8387336: Who uses GitHub in 2026
- sharts: something something javascript, npm, etc.
- jehnnysmith: question is why are people still using vscode or coding by hand?
- Onplana: If they tighten up things, it would impact the ease of use.