In October 2025, Wiz publicly disclosed a major supply-chain security problem affecting the VSCode extension ecosystem (including both the official marketplace and alternative registries like Open VSX). They found that hundreds of extensions, many from legitimate publishers, contained hard-coded secrets and access tokens inside their distributed packages.
Because VSCode and Open VSX regularly auto-update installed extensions, these leaks granted attackers the ability to hijack entire developer toolchains, push malicious updates, or exfiltrate credentials, turning trusted developer tools into powerful malware delivery vectors.
What Happened
Researchers at Wiz began investigating after suspicious activity tied to attempts to plant malware in the VSCode Marketplace. During that process, instead of only finding overtly malicious extensions, they discovered a more widespread issue: a large number of extensions unintentionally shipped with embedded secrets.
- In total, Wiz identified over 550 validated secrets across more than 500 extensions.
- These secrets included a wide variety: API keys for AI providers, cloud services (AWS, GCP), database credentials (MongoDB, Postgres, Supabase), payment/service platform secrets (Stripe, Auth0), and more.
- Most critically, more than 100 leaked tokens were Marketplace Personal Access Tokens (PATs), meaning they granted full control over extension publishing and updates. This affected roughly 85,000+ installations. Meanwhile, over 30 leaked tokens belonged to Open VSX, impacting an additional 100,000+ installs.
Because VSCode updates extensions automatically, an attacker with a valid token could push a malicious update that installs malware across all installations, without user interaction.
In response, both Microsoft (for VSCode Marketplace) and Open VSX acted: they revoked exposed tokens, removed vulnerable extensions, and rolled out enhanced secret-scanning protections to prevent future leaks.
How It Happened
The leak was not primarily due to a software bug, but a combination of human error, poor secrets hygiene, and misplaced trust in development tools. Main factors include:
- Hard-coded secrets and tokens in extension code or configuration files – Developers/publishers erroneously embedded credentials directly into the extension package before publishing. Because extensions are zipped archives (.vsix), anyone can unzip and inspect every file.
- Broad permissions tied to PATs – Some of the embedded tokens granted not just API access, but publishing privileges, effectively giving whoever had the token the power to push new code under the extension’s identity.
- Automated updates by default – The auto-update feature of VSCode meant that once an extension was installed, any malicious update would be automatically applied, expanding the reach of a malicious actor without additional user action.
- Lack of secret-scanning prior to publishing – Marketplaces previously lacked effective controls to detect embedded credentials before extensions went live. This gap allowed credential leaks to slip into public distribution at scale.
The result: even extensions that appeared benign, themes, utilities, AI assistants, became potential trojan horses. Some of the compromised extensions belonged to major enterprises and vendors, broadening the risk significantly.
Possible Impact & Risk
This supply-chain exposure in the development environment has serious, multi-layered consequences:
- Mass credential exposure at scale – API keys, cloud credentials, database secrets, and more, all potentially harvested by attackers.
- Malware propagation across developer systems – Hidden scripts or malicious updates can spread automatically via extension updates, compromising development machines, CI/CD pipelines, and even production infrastructure downstream.
- Source-code theft, intellectual property loss, and supply-chain contamination – Attackers could inject backdoors into extensions or deploy compromised code across many projects.
- Wide enterprise exposure – Because VSCode is used globally, including enterprise developers, a single malicious extension update could affect thousands of developers and multiple companies.
- Erosion of trust in open-source tooling and third-party marketplaces. The incident shows how risky it is to treat developer tools and extensions as inherently safe.
According to industry reporting, this is “one of the largest VSCode supply-chain risks ever uncovered,” and could have enabled attackers to distribute malware to a cumulative ≈150,000 developers if not remediated quickly.
Recommendations for Developers & Organizations
Given the exposure, it’s critical to take proactive steps to secure development workflows:
- Audit all installed VSCode/Open VSX extensions – Remove non-essential extensions, especially those with unclear provenance or unknown publishers.
- Disable auto-updates, or require manual review before applying updates – This helps prevent automatic propagation of malicious changes.
- Scan extension packages before installation – Treat .vsix files like any other third-party software, unzip and scan for embedded secrets or unexpected code.
- Use least-privilege credentials only – Never embed high-privilege tokens (like publish PATs) in public packages. Use environment-specific credentials managed via vaults or CI secrets instead.
- Incorporate secrets detection into CI/CD pipelines – Automatic tools can scan for credentials in code, config, and dependency artifacts before deployment.
- Maintain an approved-extension allowlist – Enterprises should define a curated list of trusted extensions and block everything else.
- Educate developers about supply-chain risks – Treat IDE extensions and plugins as part of the attack surface, not just code dependencies.
Conclusion
This incident is a textbook example of how non-human identities, tokens, service accounts, automation credentials, are among the riskiest assets in a modern development environment. When poorly managed, they can turn familiar developer tools into backdoors.
As organisations increasingly rely on automation, AI-powered dev assistants, and third-party tooling, controlling and governing these machine identities becomes essential. The VSCode extension marketplace breach reinforces that identity security isn’t just about user accounts, it is also about every piece of software, automation token, and CI/CD pipeline you trust.
