[filiptronicek]

> Expect an announcement here with more details soon https://github.com/microsoft/vsmarketplace/

Hi Isidor, excited for this! At Open VSX, we'd love to take a look and potentially flag the extension as malicious on our side as well. Are you aware of the version range that the malicious code was included in? I'm asking because https://open-vsx.org does not have any version published since the extension went closed-source.

[flutas]

The extension file is still available to download directly from MS.[0]

I downloaded the file, and unzipped it, but on a cursory glance I only see obfuscated code nothing malicious.

[0]: !!!WARNING MAY BE MALICIOUS!!! https://marketplace.visualstudio.com/_apis/public/gallery/pu...

[HelloNurse]

Obfuscated code is malicious, even in case it's harmless.

[flutas]

Then never download an Android app, they're obfuscated by default.

[HelloNurse]

Obfuscating Javascript is entirely unnecessary: it signals that the author thinks that they have something to hide.

At the very least, the author has delusional notions about the greatness of their source code and they worry about piracy, meaning that there is a high probability of stupid bugs and that they would be difficult to notice because of the obfuscation.

Of course in this case the default assumption should be that there is something malicious to hide.