Be careful with that VS Code Extension!

Those extensions and themes you’ve been installing in your IDE could be dangerous. I understand that there are a lot of cool extensions and themes out there, and I am quite aware that some of them can be quite the time-saver. Unfortunately, I’m also aware of the supply-chain risk associated with IDE extensions.

There is a growing body of evidence which suggests that advanced persistent threat actors (APTs) are targeting developers and developer tooling, and have been for a while. They want to compromise our projects and products for their own purposes and interests, and when we’re careless we make this easier for them. There is no technique which will bring your risk to zero, but there are some small steps you can take to understand and reduce the risk. Here are my tips for remaining safe in this landscape.

0. Known publishers on trusted marketplaces

VS Code has a public marketplace for themes and extensions, and if you’re using their IDE you should use the official marketplace. If you’re using IntelliJ or some other IDE, this advice still applies, just with the appropriate marketplace.

Stick to publishers which have gone through the verification process. Microsoft’s verification process requires that the publisher demonstrate that they control the domain that they’ve registered with, and it also requires the organization be in good standing for the prior six months.

1. Use caution with themes

I know that this is lame, and I know that this limits your ability to configure your rig the way you’d prefer, but it’s for a good reason. Themes are also extensions, and they can have executable code as part of the payload. No icon pack is worth getting pwned. If you’re going to use a theme or an icon pack, treat them like extensions. Don’t underestimate the risk, even if it is just a theme or an icon pack.
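One way to check whether a theme carries more than colors and icons is to read its `package.json` manifest. This is an added example, not code from the original post; the sample manifest is constructed, and `audit_theme_manifest` is a hypothetical helper name.

```python
import json

# Constructed sample manifest (not a real extension): a "theme" that also ships code.
SAMPLE_MANIFEST = json.loads("""
{
  "name": "example-dark-theme",
  "publisher": "example-publisher",
  "categories": ["Themes"],
  "main": "./out/extension.js",
  "activationEvents": ["onStartupFinished"],
  "contributes": {
    "themes": [{"label": "Example Dark", "uiTheme": "vs-dark", "path": "./themes/dark.json"}]
  }
}
""")

# Contribution points that are pure data (color themes, file icons, product icons).
DECLARATIVE_POINTS = {"themes", "iconThemes", "productIconThemes"}

def audit_theme_manifest(manifest):
    """Return a list of findings for a manifest that presents itself as a theme."""
    findings = []
    contributes = set(manifest.get("contributes", {}))
    if not contributes & DECLARATIVE_POINTS:
        return ["not a theme: review as a regular extension"]
    # 'main' (desktop) and 'browser' (web) name JavaScript the extension host will load.
    for field in ("main", "browser"):
        if field in manifest:
            findings.append(f"declares code entry point {field}={manifest[field]!r}")
    if manifest.get("activationEvents"):
        findings.append(f"activation events: {manifest['activationEvents']}")
    extra = contributes - DECLARATIVE_POINTS
    if extra:
        findings.append(f"non-theme contribution points: {sorted(extra)}")
    # Dependencies and packs pull in other extensions that need the same review.
    for field in ("extensionDependencies", "extensionPack"):
        if manifest.get(field):
            findings.append(f"{field} installs: {manifest[field]}")
    return findings

if __name__ == "__main__":
    for finding in audit_theme_manifest(SAMPLE_MANIFEST):
        print("REVIEW:", finding)
```

An empty result means the manifest declares only theme data; any finding means the package should get the same review as a full extension.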

2. Read the code

For marketplace extensions there is often a repository attached. I know that it seems paranoid, but you can go to the repository and skim the code. You can even point your favorite LLM at the repository and read through the code with it if you’re unfamiliar with how it’s written. When I look at extensions I’m looking for the following:

  • Is it still being updated? If the extension hasn’t cut a release in more than 24-36 months then I’m out. I don’t want the liability of running abandoned extensions.
  • Are there any “binary blobs” or obfuscated code? Those are huge red flags. No legitimate project will obscure their code to make it more difficult to read, and if they’re using an open source or copyleft license then it’s absurd.
  • What telemetry is present? Some of these tools are quite nosy, and they want to phone home to let their developers know what folks are doing. I’m not going to go into motives here because from a user perspective it doesn’t matter. I don’t want tools that I use to tell third parties about what I’m doing. Obviously there’s an exception if the telemetry is in service of the purpose of the extension itself, but those extensions are kinda rare in my experience.
  • Do they have a policy for how to report security vulnerabilities, and are they tracking dependency vulnerabilities? These are two steps that all maintainers should be familiar with, and I expect them with every project I use. If someone isn’t telling me how to report vulnerabilities then they’re probably not thinking about security. That’s a problem for me, I hope it’s a problem for you too.
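A first pass over the binary-blob, obfuscation and telemetry questions can be scripted before reading the code by hand. This is an added example, not code from the original post; it assumes an unpacked extension directory (a cloned repository or an installed copy), and the sample files, the 1000-character threshold and the function names are constructed for illustration.

```python
import os
import re
import tempfile

# Leading bytes of native executables and compiled modules.
BINARY_MAGIC = {
    b"\x7fELF": "ELF", b"MZ": "PE (Windows)", b"\xcf\xfa\xed\xfe": "Mach-O",
    b"\xca\xfe\xba\xbe": "Mach-O universal / Java class", b"\x00asm": "WebAssembly",
}
URL_HOST = re.compile(rb"https?://([A-Za-z0-9.-]+)")
MAX_LINE = 1000  # assumption: readable JavaScript rarely has lines longer than this

def scan_extension(root):
    """Walk an unpacked extension; list binaries, dense JS and hosts named in JS."""
    binaries, dense_js, hosts = [], [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                data = fh.read()
            kind = next((k for m, k in BINARY_MAGIC.items() if data.startswith(m)), None)
            if kind:
                binaries.append((rel, kind))
            elif name.endswith((".js", ".cjs", ".mjs")):
                longest = max((len(line) for line in data.splitlines()), default=0)
                if longest > MAX_LINE:
                    dense_js.append((rel, longest))
                hosts.update(h.decode().lower() for h in URL_HOST.findall(data))
    return {"binaries": sorted(binaries), "dense_js": sorted(dense_js), "hosts": sorted(hosts)}

def demo():
    """Build a constructed sample extension in a temp dir and scan it."""
    sample = {  # constructed files, not taken from any real extension
        "extension.js": b"const vscode = require('vscode');\nexports.activate = () => {};\n",
        "dist/bundle.js": b"var a=" + b"'x'+" * 400 + b"fetch('https://telemetry.example.com/v1');\n",
        "bin/helper": b"\x7fELF" + b"\x00" * 60,
        "README.md": b"See https://docs.example.org for usage.\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
        return scan_extension(root)

if __name__ == "__main__":
    print(demo())
```

Each hit marks a file to open and compare against the repository; the host list is where to start the telemetry question.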

Now’s the part where I get the question about what I do if I can’t see the code. If I can’t see the code I won’t use the extension. As a general rule, the only time I want to use an extension that isn’t open source is when it has been approved and required by my employer, or is required to interact with a specific vendor.

3. Use tools like LuLu

Objective-See makes security tools for macOS which allow you to tell when a new process is trying to access the internet. This is a huge life-saver! If you’re using a new tool that shouldn’t be connecting to the internet, LuLu will alert you when it tries, and it will let you block the connection. This type of tool is often referred to as an intrusion detection type tool, or an EDR tool. These tools will respond if something unexpected happens, and you should use them. These tools have saved my bacon more than once.

4. Never disable the safeties

Use secure boot. Use macOS’s advanced data protection. Never disable these safeties, because they’re there to prevent malware from taking hold on your box in ways that are difficult to detect.

5. This applies to other tools, too

I love tools like oh-my-zsh and starship. I spend a lot of time in the terminal, and these tools make life more pleasant. I’m always careful to limit my use to tools which allow me to view the source code, seem well-maintained, and are transparent about how they handle bugs and security reports.

6. Don’t skip permissions

If you’re using tools like Claude Code, gosh it’s important to make sure you’re keeping it tight with the permissions. I know I’m just a grumpy old man, but I always approve everything that Claude Code does individually. Not only does this help me follow along with what it’s doing, but it also means that I can stop or redirect it when it does make mistakes (and it does make mistakes). Sandboxing is also important, where available, but the permissions system was built for a reason.

I know that the point of your AI tools is to improve your productivity, but there are a bunch of horror stories where folks allowed their tools to run wild and regretted it later. Automation is not just about moving fast, it’s also about moving with precision and control. If a job can’t be automated safely then it shouldn’t be automated, and you can automate these things safely if you are patient, attentive to detail, and don’t skip the permissions. The permission prompts aren’t repetitive hell to be skipped or ignored; they’re output from your code generation tool, and that output does require your attention.

That’s All, Folks

I hope it was helpful. Please be mindful of extensions; they can be helpful but they can also ruin your day (and harm you professionally).