Close Menu
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
What's Hot

Randy Rainbow Draws Donald Trump as ‘Psychopathic’ in Jazzy Song Parody

Serena Williams returns to Wimbledon in Nike tennis kit

Bear’s final run is a season of disappointment

Facebook X (Twitter) Instagram
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
Facebook X (Twitter) Instagram
FYMOUS News
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
FYMOUS News
Home » Eclipse Foundation requires pre-publication security checks for open VSX extensions
Celebrities

Eclipse Foundation requires pre-publication security checks for open VSX extensions

By February 4, 2026No Comments2 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

Ravi LakshmananFebruary 4, 2026Supply chain security/secure coding

Open VSX extension

The Eclipse Foundation, which manages the Open VSX Registry, announced plans to conduct security checks before Microsoft Visual Studio Code (VS Code) extensions are published to open source repositories to combat supply chain threats.

This move marks a shift from a reactive to a proactive approach to ensuring that malicious extensions are not published to the Open VSX registry.

“Until now, the Open VSX Registry has relied primarily on post-publication response and investigation. When malicious extensions are reported, we investigate and remove them,” said Christopher Guindon, director of software development at the Eclipse Foundation.

“While this approach remains relevant and necessary, it does not scale as the volume of publications increases and threat models evolve.”

This change comes as open source package registries and extension marketplaces are increasingly targeted by attacks, allowing malicious parties to target developers at scale through a variety of methods, including namespace spoofing and typosquatting. Just last week, Socket reported an incident where a compromised publisher account was used to push harmful updates.

By implementing pre-publication checks, we aim to limit the scope of publication, flag the following scenarios, and isolate suspicious uploads for review rather than publishing them immediately.

Clear case of extension name or namespace spoofing Accidentally exposed credentials or secrets Known malicious patterns

It’s worth noting that Microsoft has already implemented a similar multi-step review process for Visual Studio Marketplace. This includes scanning incoming packages for malware, rescanning all newly published packages immediately after publication, and periodically rescanning all packages in bulk.

The Extension Validation Program will be rolled out in stages, with maintainers using February 2026 to monitor newly published extensions without blocking publication, fine-tune the system, reduce false positives, and improve feedback. Enforcement will begin next month.

“The goal and objective is to raise the security floor, help publishers catch issues early, and keep the experience predictable and fair for honest publishers,” Guindon said.

“Pre-publishing checks reduce the chance of obviously malicious or insecure extensions entering the ecosystem and increases trust in the Open VSX Registry as a shared infrastructure.”


Source link

#BlockchainIdentity #Cybersecurity #DataProtection #DigitalEthics #DigitalIdentity #Privacy
Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleCISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
Next Article Microsoft warns that Python Infostears is targeting macOS via fake ads and installers

Related Posts

Serena Williams returns to Wimbledon in Nike tennis kit

June 30, 2026

Best Hair Moments at the 2026 BET Awards

June 29, 2026

Pharrell Williams shows off his bold take on men’s wedding rings

June 29, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

Randy Rainbow Draws Donald Trump as ‘Psychopathic’ in Jazzy Song Parody

Serena Williams returns to Wimbledon in Nike tennis kit

Bear’s final run is a season of disappointment

“It was never a racial issue.”

Trending Posts

Randy Rainbow Draws Donald Trump as ‘Psychopathic’ in Jazzy Song Parody

June 30, 2026

Serena Williams returns to Wimbledon in Nike tennis kit

June 30, 2026

“It was never a racial issue.”

June 30, 2026

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to The FYMOUS, a modern digital media platform dedicated to celebrities, artists, influencers, brands, entertainment culture, and the growing TwinH ecosystem.

We bring audiences closer to the people, stories, trends, and collaborations shaping today’s culture. From exclusive celebrity news and music releases to influencer highlights, brand partnerships, and TwinH activations, The FYMOUS delivers engaging content designed for the next generation of digital audiences.

Castilla-La Mancha Ignites Innovation: fiveclmsummit Redefines Tech Future

Local Power, Health Innovation: Alcolea de Calatrava Boosts FiveCLM PoC with Community Engagement

The Future of Digital Twins in Healthcare: From Virtual Replicas to Personalized Medical Models

Human Digital Twins: The Next Tech Frontier Set to Transform Healthcare and Beyond

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
© 2026 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.