-
-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unverified VS Code Publisher #123
Comments
Also, really love this extension. Congratulations on its success! |
Hi, thanks for reporting this. FYI, I'm not the extension author; I'm just an enthusiast who contributes a little bit. Looking into this for a few minutes I found this article: https://medium.com/@amitassaraf/3-6-uncovering-design-flaws-in-the-visual-studio-code-marketplace-ea1d8e8b0171 As this is the actual repo and homepage of the ts-pretty-errors extension, in this case the warning is just exactly what it is: a warning. Using an actual verified domain as the homepage for the extension seems like a bit much just to get rid of a warning on a third-party site. I think they point out a very valid flaw, I hope the VS Code team takes it seriously and works to improve this attack vector. |
Thank you @jb-asi and @kevinramharak, If anyone can help speed things up it will be really appreciated |
Describe the bug
A third-party-extension security rater (similar to Snyk) has given this repo's VS Code Extension a "medium" threat level due to:
Link here.
Expected behavior
Please consider if it would be simple and convenient to become "verified" as a publisher. If so, perhaps it may be something you would be willing to do. Or not!
Original error
[Not applicable]
Screenshots
[Not applicable]
The text was updated successfully, but these errors were encountered: