Open VSX is now critical infrastructure, which is a phrase that should make everyone involved sit down and stare at the wall for a while.
That’s not me being dramatic for sport. The Eclipse Foundation says the registry now handles more than 300 million downloads a month, serves over 12,000 extensions from more than 8,000 publishers, and peaks at stupid-o’clock traffic because every AI-flavored editor on earth wants to pretend it invented extensions. They even launched a managed registry and a security researcher recognition program, which is great, because once your plugin store starts acting like a power grid, the vibes stop being enough.
And yet.
GlassWorm just rolled through again with 73 Open VSX sleeper extensions, six already activated, the rest suspicious as hell. The trick is simple and disgusting: publish something that looks harmless, let people install it, then ship the payload later through the normal update path like a little parasite in a blazer. Some variants pull a second VSIX from GitHub and force-install it through the editor CLI. Some hide logic in native .node modules. Some just sit there until the attacker decides the fruit is ripe.
That is the part nobody wants to say out loud: an extension marketplace is not a toy app store. It is remote code execution with branding.
You do not install a WakaTime clone because you crave the thrill of arbitrary code. You install it because you want to know how many hours you’ve wasted staring at a diff and pretending it’s progress. Then the thing wakes up inside your editor, which already has your files, your terminal, your tokens, your SSH config, your cloud creds, and probably that one cursed note file you keep meaning to delete. Congratulations, you have invited a stranger into the most overprivileged room in your house.
And before someone trots out the usual museum piece about “responsible disclosure” and “better scanning,” sure, fine. Scan more. Verify more. Revoke tokens faster. The Eclipse folks are already doing some of that. Good. Necessary. Still not enough.
Because sleeper extensions are designed to survive exactly the kind of checks people love to brag about. They are clean at publication. They turn later. They can be cloned from legitimate listings so they look familiar to exhausted humans doing eyeball triage at 4:37 p.m. on a Tuesday. They can be published by compromised accounts, which means “publisher reputation” becomes a glittery little lie the moment somebody gets phished, socially engineered, or just sloppy enough to leave a token lying around like a dead cigarette.
This is why the whole “open source means safer” chant sounds so stupid when applied to extension stores. Open source means inspectable. It does not mean trustworthy. It does not mean the package you clicked on at lunch won’t turn into a cross-editor infection chain by dinner.
Open VSX is also trying to professionalize itself, and fair play to that. A managed registry. More security investment. Recognition for researchers. All sensible moves. But there’s a bitter little joke hiding in the middle of all that growth: the more successful the registry gets, the more it starts to resemble every other huge software marketplace that was supposed to be “different” and then discovered humans are still the worst dependency in the stack.
The real problem isn’t that Open VSX is broken in some uniquely cursed way. The real problem is that we built an ecosystem where the cheapest way to ship “productivity” is to grant strangers direct access to the machine you write production code on.
That’s not an ecosystem. That’s a trap with autocomplete.
The fix is boring, which is probably why everyone hates it. Default allowlists. Publisher pinning. Provenance for updates, not just initial uploads. Stricter treatment of native code. Sandboxing that treats extensions like suspects instead of coworkers. Less “install anything from the bazaar,” more “prove your identity, prove your payload, prove you won’t redecorate my laptop with malware while I blink.”
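To make the "boring fix" concrete, here is an added example (mine, not code from this post, from Open VSX or from the Eclipse Foundation) of the allowlist-plus-pinning check a defender could run over installed extensions, written to catch the sleeper pattern described above: a clean first upload followed by an update that brings in a native .node module, or a lookalike listing under a publisher name one letter off. The manifest shape (publisher, name, version, file list), the ALLOWLIST entries and the sample extensions are all constructed for illustration; the point is that updates get judged, not just first installs.

```javascript
// Added example, not code from the post or from Open VSX: a defender-side audit
// that applies a default allowlist with publisher pinning to installed editor
// extensions and flags the update patterns the post describes. The manifest
// shape is an assumption modelled loosely on an extension's package.json fields
// plus the list of files shipped in its package.

// Hypothetical allowlist: "publisher.name" -> policy for that pinned extension.
const ALLOWLIST = {
  "acme.time-tracker": { allowNative: false, maxMajor: 1 },
  "acme.linter":       { allowNative: true,  maxMajor: 2 },
};

function extensionId(ext) {
  return `${ext.publisher}.${ext.name}`;
}

// Major component of a semver-style version string, NaN if it does not parse.
function majorOf(version) {
  const m = /^(\d+)\.\d+\.\d+/.exec(version);
  return m ? Number(m[1]) : NaN;
}

function nativeModules(files) {
  return files.filter((f) => f.toLowerCase().endsWith(".node"));
}

// Audit one installed extension against the allowlist. Returns finding codes;
// an empty array means the extension is within policy.
function auditExtension(ext, allowlist = ALLOWLIST) {
  const findings = [];
  const id = extensionId(ext);
  const policy = allowlist[id];
  if (!policy) {
    findings.push("not-allowlisted");
    // Same extension name as an allowlisted entry but a different publisher:
    // the shape of a cloned listing meant to pass a tired eyeball check.
    const lookalike = Object.keys(allowlist).some(
      (allowed) => allowed.endsWith(`.${ext.name}`) && allowed !== id
    );
    if (lookalike) findings.push("publisher-lookalike");
    return findings;
  }
  const major = majorOf(ext.version);
  if (Number.isNaN(major) || major > policy.maxMajor) findings.push("version-outside-pin");
  if (!policy.allowNative && nativeModules(ext.files).length > 0) {
    findings.push("unexpected-native-module");
  }
  return findings;
}

// Judge a proposed update against what is already installed. Even an
// allowlisted extension is held when the update switches publisher or
// introduces native code that was not there before.
function auditUpdate(installed, update, allowlist = ALLOWLIST) {
  const findings = auditExtension(update, allowlist);
  if (installed.publisher !== update.publisher) findings.push("publisher-changed-on-update");
  const before = new Set(nativeModules(installed.files));
  const added = nativeModules(update.files).filter((f) => !before.has(f));
  if (added.length > 0) findings.push("native-module-added-on-update");
  return findings;
}

// Constructed sample data: a clean install, a later update that quietly adds a
// native module, and a lookalike publisher ("acrne" for "acme").
const CURRENT = { publisher: "acme",  name: "time-tracker", version: "1.4.2",
                  files: ["package.json", "out/extension.js"] };
const UPDATE  = { publisher: "acme",  name: "time-tracker", version: "1.5.0",
                  files: ["package.json", "out/extension.js", "lib/telemetry.node"] };
const CLONE   = { publisher: "acrne", name: "time-tracker", version: "1.4.2",
                  files: ["package.json", "out/extension.js"] };

function runSample() {
  return {
    current: auditExtension(CURRENT),
    update: auditUpdate(CURRENT, UPDATE),
    clone: auditExtension(CLONE),
  };
}

console.log(JSON.stringify(runSample(), null, 2));
```

Run with `node audit.js`: the installed version passes clean, the update is held for both "unexpected-native-module" and "native-module-added-on-update", and the clone is flagged as not allowlisted and as a publisher lookalike. Wiring this into whatever actually performs the install is the editor's job; the policy itself is a few dozen lines.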
Will that kill some of the convenience? Obviously. Security always does. The question is whether you want convenience or whether you want the thing that formats your code to stop acting like a tiny, self-updating crime scene.
If your editor can silently install a new binary from a GitHub release because a plugin said so, that is not extensibility. That is curl | bash in a trench coat.
And honestly? I’m tired of pretending that’s normal.