Developers Are Victims Too: A Comprehensive Analysis of The VS Code Extension Ecosystem

Shehan Edirimannage¹*, Charitha Elvitigala¹*, Asitha Kottahachchi Kankanamge Don¹, Wathsara Daluwatta¹, Primal Wijesekara², Ibrahim Khalil¹
¹ School of Computing Technologies, RMIT University, Melbourne, VIC 3000, Australia
² International Computer Science Institute & University of California, Berkeley, CA, 94704, US
* The first two authors contributed equally to this work.
{shehan.edirimannage, charitha.elvitigala, asitha.kottahachchi.kankanamge.don, wathsara.daluwatta}@student.rmit.edu.au
[email protected], [email protected]
arXiv:2411.07479v1 [cs.CR] 12 Nov 2024

Abstract—With the wave of high-profile supply chain attacks targeting development and client organizations, supply chain security has recently become a focal point. As a result, there is an elevated discussion on securing the development environment and increasing the transparency of the third-party code that runs in software products to minimize any negative impact from third-party code in a software product. However, the literature on secure software development lacks insight into how the third-party development tools used by every developer affect the security posture of the developer, the development organization, and, eventually, the end product. To that end, we have analyzed 52,880 third-party VS Code extensions to understand their threat to the developer, the code, and the development organizations. We found that 5.6% of the analyzed extensions have suspicious behavior, jeopardizing the integrity of the development environment and potentially leaking sensitive information on the developer's product. We also found that the VS Code hosting the third-party extensions lacks practical security controls and lets untrusted third-party code run unchecked and with questionable capabilities. We offer recommendations on possible avenues for fixing some of the issues uncovered during the analysis.

Index Terms—Privacy-invasive software, Trust management, Software tools

I. INTRODUCTION

Accepting the Turing Award in 1984, Thompson projected that reliance on third-party software components involves a significant amount of trust [1]. Despite this warning and subsequent research and incidents stemming from supply chain issues [2]–[7], developers' and organizations' reliance on third-party components continues to increase. At the same time, these components create security risks through undocumented functionality and settings, bugs, or malicious code.

Supply chain attacks have emerged as a pervasive and ubiquitous threat vector in recent years [8]–[10]. The main reason why these types of attacks can be catastrophic is the nature of their coverage: numerous systems and software products may be vulnerable, often without users', administrators', or organizations' knowledge, as most software products do not enumerate their constituent third-party components. Mounting an attack on several hundred organizations would otherwise be daunting; however, if the attacker can compromise one of the tools or systems used by all those organizations, then the economics suddenly shift heavily to the attacker. This has become quite apparent in the wake of several high-profile attacks [2], [6], [11]. The sheer scale of these attacks is unprecedented. However, the security community has been aware of these risks for almost 40 years.

Standards, like the Software Bill of Materials (SBoM), increase transparency and awareness of the third-party code that may be executed in an organizational environment. Some of the current literature on supply chain security covers securing CI/CD [12], [13] or securing update channels [14], focusing on securing the product even before it ships out of the development organization. Security literature has looked into how developers write secure code [15] or how they look for security advice [16], which is essential in securing the whole ecosystem. However, the recent high-profile attacks on a development organization emphasize the importance of securing the roots of the supply chain: the developer [17].

While SBoM helps to articulate the composition of the software code consisting of third-party software libraries, there has been an oversight on one aspect of the development activity that involves third-party code: developer tools. Developers use tools for a wide range of activities that have a direct impact on the final software code. There is already documented evidence [18], [19] of malicious developer tools that could jeopardize the integrity of the development environment, which will lead to catastrophic events such as recent attacks [17]. However, security and privacy literature lacks systematic knowledge of how third-party developer tools behave in the wild and their impact on the security posture of the developer, the organization, and the end product.

To that end, we analyzed 52,880 third-party VS Code extensions using static and dynamic analysis methods. We used static analysis to examine the code and narrow the extension list to those with suspicious code segments. We then executed those selected extensions using an instrumented VS Code environment, logging all their execution aspects. We also used VirusTotal [20] and Retire.js [21] to scan for malicious content and known vulnerabilities. With this holistic analysis approach, we found that 5.6%¹ of our collected extension set has suspicious behavior that could jeopardize the integrity of the development environment and/or leak sensitive information such as code and personally identifiable information.

We contribute the following:

• Systematically show that third-party developer tools pose a serious security threat to the developer, the host computer, and the organization.
• VS Code, one of the most popular developer tools, has a lax security architecture that lets third-party extensions run unchecked, resulting in serious security lapses.
• To the best of our knowledge, the paper presents the first holistic (52,880) analysis of developer tools and their security and privacy implications.

¹ https://github.com/vulnerability-reporter/DAV2-ACAnTVSCEE

II. VISUAL STUDIO CODE

Visual Studio Code (VS Code) [22] is a free, open-source code editor developed by Microsoft. VS Code is built on the Electron framework [23], which facilitates the creation of cross-platform desktop applications. Electron leverages the Chromium engine [24] for rendering web pages within applications. The Stack Overflow 2023 Developer Survey [25] reveals that Visual Studio Code continues to be the preferred IDE among developers. VS Code supports various programming languages, including JavaScript, TypeScript, Python, PHP, C++, and C#.

A. Extensions

A Visual Studio Code (VS Code) extension is a piece of third-party software installed into the VS Code editor to enhance its functionality. The development of VS Code extensions is a collaborative effort involving the community and technology providers. A VS Code extension can be defined as a Node.js application. Each Node.js application contains a package.json file, which holds descriptive and functional metadata about the application. Similarly, a VS Code extension includes a package.json file that contains information specific to the extension [26]. This file holds additional details pertinent to the extension, akin to the Manifest files found in Android apps and Chrome extensions.

A portion of a sample package.json is shown in Listing 1; each extension has its own package.json. The extension can define a set of other extensions to be installed along with its installation, and extensionPack (marker 2 in Listing 1) is used to configure that option. extensionDependencies (marker 3) is also used to define other extensions that are required as runtime dependencies of the extension. Note that no consent is taken from the user to install extensions that are described in the extensionPack and extensionDependencies contexts. The term capabilities (marker 4) is used to define the runtime scope of the extension. Restricted workspace is a VS Code feature [27] in which extensions are not treated as a trusted source.

```jsonc
{
  "main": "./out/extension",
  "scripts": {
    "compile": "tsc -p ./"
  },
  "dependencies": {                 // ← 1
    "@types/vscode": "0.10.x",
    "axios": "0.0.1"
  },
  "extensionPack": [                // ← 2
    "chrismarti.regex"
  ],
  "extensionDependencies": [        // ← 3
    "zobo.php"
  ],
  "repository": {
    "url": "https://me.me"
  },
  "capabilities": {
    "untrustedWorkspaces": {        // ← 4
      "supported": "true"
    }
  }
}
```
Listing 1. A portion of a sample package.json file; the numbered arrows mark the fields referenced in the text.

B. Extension Development

To develop a VS Code extension, developers use a combination of JavaScript or TypeScript and Node.js, leveraging the extensive VS Code API [28]. The API allows access to various aspects of the editor, including its UI components, workspace data, settings, and more. The VS Code APIs, organized into intuitive namespaces, are crucial for extension development. Key among them are vscode.workspace, for workspace functionalities; vscode.debug, for debugging; vscode.scm, for source control management; vscode.extensions, enabling interactions with other installed extensions; and vscode.tasks, for task management and automation within VS Code.

C. Marketplace

The Visual Studio Marketplace [29] serves as a central hub for developers to discover, download, and publish extensions and other add-ons for a suite of development tools, including Visual Studio Code (VS Code). To ensure the safety and reliability of extensions, the Visual Studio Marketplace scans for viruses on every submitted extension or update [30]. Furthermore, the Marketplace has implemented measures to deter extension authors from name-squatting, safeguarding the integrity of extension names [30]. Verifying publishers for Visual Studio Code (VS Code) extensions is a fundamental security measure in the Marketplace. This verification process entails adding a TXT record for domain verification, confirming the publisher's authority over their domain [31].

III. THREAT MODEL

The extensibility of VS Code allows for a rich development experience but also presents a significant attack surface. Malicious actors can leverage extensions to execute arbitrary code, access sensitive data, or compromise the integrity of the development environment. The threat model of the current analysis is guided by the three main questions we mentioned in the beginning:

1) Can an extension be malicious and pose a threat to the host computer? Developer organization?
2) Can an extension introduce vulnerabilities to the code?
3) Can an extension leak sensitive information?
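As an added example (not code from the paper or its authors), the following Python triages a manifest for the package.json fields discussed in Section II.A and in the Manifest Analysis step of Section IV.B, and goes beyond the single listing by building the install graph over several manifests to find the E1 → E2 → E3 chains and hidden network capabilities discussed in Section VI.C. The extension ids and manifests are constructed placeholders, the network-package list is the one named in Section V.D, and the reading of untrustedWorkspaces.supported follows Section V.E, with the string form "true" from Listing 1 treated like boolean true as an assumption.

```python
import json
from typing import Dict, List, Set, Tuple

# Node.js packages the paper names as the usual network clients in extensions (Section V.D).
NETWORK_PACKAGES = {"axios", "node-fetch", "request"}


def silent_installs(manifest: dict) -> List[str]:
    """Extension ids VS Code installs alongside this one without asking the user:
    everything under extensionPack (marker 2) and extensionDependencies (marker 3)."""
    ids: List[str] = []
    for key in ("extensionPack", "extensionDependencies"):
        ids.extend(manifest.get(key) or [])
    return ids


def network_dependencies(manifest: dict) -> Set[str]:
    """Declared npm dependencies that can open external connections."""
    return set(manifest.get("dependencies") or {}) & NETWORK_PACKAGES


def restricted_mode(manifest: dict) -> str:
    """Behaviour in Restricted Mode from capabilities.untrustedWorkspaces.supported
    (marker 4; Section V.E): true -> stays active, "limited" -> partially functional,
    false or absent -> disabled until Workspace Trust is granted. Listing 1 spells the
    value as the string "true"; treating that like boolean true is an assumption."""
    caps = (manifest.get("capabilities") or {}).get("untrustedWorkspaces") or {}
    value = caps.get("supported", False)
    if value is True or value == "true":
        return "active"
    if value == "limited":
        return "partial"
    return "disabled"


def triage(manifest: dict) -> dict:
    """Per-manifest summary in the spirit of the Manifest Analysis step (Section IV.B)."""
    return {
        "silent_installs": silent_installs(manifest),
        "network_dependencies": sorted(network_dependencies(manifest)),
        "restricted_mode": restricted_mode(manifest),
    }


def install_graph(manifests: Dict[str, dict]) -> Dict[str, List[str]]:
    """Directed edges installer -> installee over manifests keyed by extension id.
    Installs triggered from code via the Command API are not visible in manifests."""
    return {ext_id: silent_installs(m) for ext_id, m in manifests.items()}


def install_chains(graph: Dict[str, List[str]], min_len: int = 3) -> List[List[str]]:
    """All acyclic install paths of at least min_len extensions (E1 -> E2 -> E3)."""
    chains: List[List[str]] = []

    def walk(path: List[str]) -> None:
        if len(path) >= min_len:
            chains.append(list(path))
        for nxt in graph.get(path[-1], []):
            if nxt not in path:  # skip cycles so the walk terminates
                walk(path + [nxt])

    for start in graph:
        walk([start])
    return chains


def hidden_network_installs(manifests: Dict[str, dict]) -> List[Tuple[str, str]]:
    """Installers with no network packages that silently pull in an extension that has them."""
    hits: List[Tuple[str, str]] = []
    for installer, installees in install_graph(manifests).items():
        if network_dependencies(manifests[installer]):
            continue
        for installee in installees:
            if installee in manifests and network_dependencies(manifests[installee]):
                hits.append((installer, installee))
    return hits


# Constructed sample manifests with placeholder ids; not real marketplace extensions.
SAMPLE_MANIFESTS: Dict[str, dict] = {
    "demo.formatter": json.loads(
        '{"name": "formatter", "main": "./out/extension", "extensionPack": ["demo.helper"]}'
    ),
    "demo.helper": json.loads(
        '{"name": "helper", "dependencies": {"axios": "0.0.1"},'
        ' "extensionDependencies": ["demo.telemetry"]}'
    ),
    "demo.telemetry": json.loads(
        '{"name": "telemetry", "dependencies": {"node-fetch": "2.6.0", "lodash": "4.17.0"},'
        ' "capabilities": {"untrustedWorkspaces": {"supported": true}}}'
    ),
}

if __name__ == "__main__":
    for ext_id, manifest in SAMPLE_MANIFESTS.items():
        print(ext_id, triage(manifest))
    print("chains:", install_chains(install_graph(SAMPLE_MANIFESTS)))
    print("hidden network installs:", hidden_network_installs(SAMPLE_MANIFESTS))
```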
A. Malicious Extensions

In the first scenario (Figure 1), the likely process begins with the attacker publishing a malicious extension to the marketplace. After an unknowing victim installs the malicious extension, the extension can communicate with other installed extensions, including vulnerable extensions, to escalate privileges, gain unauthorized access, or directly access underlying unrestricted APIs to carry out the malicious attack. These extensions can then interact with the runtime and renderer contexts, performing malicious operations such as modifying workspace content or running background processes. Crucially, they can leverage Node.js to interact with the victim's operating system and share data with an external server, compromising user privacy and system integrity. These extensions are malicious by nature and designed to harm the host computer, the developer, and/or the developer organization.

Fig. 1. Malicious Extensions

B. Vulnerable Extensions

The Vulnerable Extensions scenario (Figure 2) illustrates how external attackers can exploit vulnerabilities in legitimate and benign extensions. The attacker may not directly publish a malicious extension but instead uses vulnerabilities in existing extensions to penetrate the developer's host system. These activities include injecting code into workspace tabs and executing background operations, culminating in exploiting npm library vulnerabilities. While the developer of the vulnerable extensions might not be an accomplice to the potential hack, the developer's mistakes are a crucial contributing factor enabling external attackers to compromise the host.

Fig. 2. Vulnerable Extensions

C. Privacy-Invasive Extensions

In the Privacy-Invasive Extensions scenario (Figure 3), the threat arises from extensions that overreach their intended scope. They can monitor changes in the workspace, execute unauthorized operations, and transmit data to external servers without user consent, potentially leading to significant privacy breaches. Such breaches carry a significant weight as they could potentially include confidential organizational information. The biggest contributing factor is again the architectural limitations in VS Code, with a lack of proper developer consent and permissions guarding sensitive information.

Fig. 3. Privacy Invasive Extensions

IV. METHODOLOGY

Our main objective is to understand the threats posed by VS Code extensions. We selected VS Code for two reasons: a) it is the leading IDE/code editor used by developers [25], and b) we can instrument the Electron-based IDE/code editor to understand its execution [32]. Due to the vast array of capabilities available through the platform, we deployed different techniques to filter out extensions and verify the suspicious behavior. We used a mix of static and dynamic analysis. While dynamic analysis exposes the execution behavior, static analysis helps to narrow down the initial questionable list, increasing the scalability of the analysis considerably. We collected a dataset of 52,880 extensions over three months and analyzed them using various tools. This analysis also thoroughly examined the extension code, focusing on the Manifest (package.json) file.

A. Data Collection

To comprehensively analyze the Visual Studio Marketplace, we developed a crawler to identify and download all extensions listed in the Marketplace. To capture the most up-to-date data, we ran a daily crawler from July 15, 2023, to October 16, 2023, explicitly targeting recently published extensions. After three months of crawling, we ended up downloading 52,880 extensions. To the best of our knowledge, the extension marketplace has no geo-restrictions; hence, we are confident that our initial set of 52,880 is a representative sample of the entire VS Code extension ecosystem.

B. Analysis pipeline: Static

In the static analysis phase of our study, we rigorously evaluated all extensions using a combination of tools and code analysis methods: VirusTotal [20], Retire.js [21], and a combination of VS Code API Usage Analysis and Manifest Analysis. This multi-faceted approach allowed us to capture different threats with a holistic view. Figure 4 illustrates the static analysis pipeline, delineating the sequential steps and methodologies employed in this phase.

Fig. 4. Execution Flow of the Analysis

VS Code API Usage Analysis: We analyzed the VS Code API usage of each extension to identify poor security practices or malicious behaviors introduced by the extension developers, potentially raising security threats and risks. We then generated an Abstract Syntax Tree (AST) for every JavaScript file within the extracted extension. The AST enabled us to scrutinize each file for VS Code extension API usage and other questionable behaviors.

Manifest Analysis: We processed the Manifest (package.json) file for all extensions to extract various fields, specifically dependencies, extensionPack, extensionDependencies, and capabilities, for further analysis. We aimed to understand how they influence the security posture of each extension and any hidden behavior. We also used manifest analysis to filter any extensions that could share data over the network.

VirusTotal Analysis: VirusTotal [20], an online platform, facilitates the analysis of files and URLs to identify potential threats such as viruses, worms, trojans, etc. It operates by aggregating a range of antivirus engines and website scanners. We utilized VirusTotal's API to submit all examined extensions for analysis. The generated reports encapsulated the detection outcomes from each participating antivirus engine.

Vulnerability Scan using Retire.js: Retire.js [21] is employed to detect known vulnerabilities, specifically CVEs (Common Vulnerabilities and Exposures) [33], in Node.js packages used by VS Code extensions. This tool scans the Node.js dependencies in each extension, revealing their security status. These reports highlight any known vulnerabilities in the Node.js dependencies.

C. Analysis pipeline: Dynamic

We ran the extensions in a customized VS Code editor with network monitoring capabilities using MITM proxy [34]. Our dynamic analysis pipeline is depicted in Figure 5, which provides a detailed illustration of the process. This approach enabled us to capture and analyze the in-situ behavior of the extensions meticulously.

Extensions Selection for Dynamic Analysis: We selectively focused on extensions that create external connections (network requests), recognizing their greater potential to inflict arbitrary damage on code, developers, host systems, and organizations, as detailed in Section 3.4. Since VS Code does not have a built-in API for establishing external connections, extensions commonly utilize third-party Node.js packages. Based on these findings, we selected 2,365 extensions for in-depth dynamic analysis. Additionally, we chose several other extensions suspected of harboring malicious behaviors through the static analysis stage. In total, we selected 2,698 extensions for dynamic analysis.

VS Code Instrumentation: We developed an instrumented version of VS Code, utilizing VS Code 1.80 [35] as the base. This instrumented version was designed to capture all VS Code API calls comprehensively. We implemented monitoring mechanisms for terminal access and other resource accesses. These monitoring capabilities were active during both the installation and execution phases of each extension.

Network Request Monitoring: We utilized a pre-configured mitmproxy proxy [34] to monitor web traffic generated by the extensions, encompassing protocols like HTTP, WebSockets, and other SSL/TLS-protected protocols. We installed a mitmproxy certificate on the hosting environment to enable the decryption of HTTPS traffic.

D. Analysis pipeline: Summary

We first ran the static analysis to detect suspicious code or unusual coding patterns. These findings were then further scrutinized through dynamic analysis for confirmation. During dynamic analysis, we captured network requests from extensions, including IPs and URLs to which the extensions connect. We then evaluated their maliciousness using threat intelligence resources. Conversely, insights gained from dynamic analysis
also informed subsequent static analysis, such as threat analysis using VT for URLs uncovered in the dynamic analysis.

Fig. 5. Dynamic Analysis Flow

V. VISUAL STUDIO CODE SECURITY ANALYSIS

This section analyses the security measures in VS Code and their limitations. Figure 6 shows the current architecture of the processes in VS Code. VS Code is based on the Electron framework [23]. The VS Code architecture, however, has a significant influence from the Chromium browser [24] and its V8 JavaScript engine [36]. However, VS Code extensions are executed on top of a Node.js environment.

A. Sandboxing

Sandboxing enables untrusted code to provide functionality in a controlled manner, containing any harmful behavior of the untrusted code [37]. In the current VS Code architecture, only the Renderer Process (Figure 6) is sandboxed, containing any harmful behavior within the Renderer Process, which hosts all the VS Code functionalities and the VS Code UI.

Fig. 6. Sandboxed Process Architecture of VS Code.

The current VS Code architecture does not sandbox the Extension Host Process, which hosts all the extensions. As per official documentation [38], providing a scalable solution with full Node.js support is the reason for separating the extension process from the sandboxed Renderer Process. The main caveat that comes with that decision is that the Extension Host Process can access everything from the VS Code data to the host computer files and data.

As per Electron documentation [39], the Extension Host Process hosts a variety of functions, including management of untrusted services, execution of CPU-intensive tasks, and oversight of crash-prone components. This suggests that VS Code extensions, hosted within the Extension Host Process, are, rightly so, treated as 'untrusted services'; common wisdom suggests that any third-party code execution should be treated with caution.

Untangling the Sandbox: Security researchers have reported instances where malicious extensions have caused damage in these areas since 2018 [18], [19], [40]. Letting extensions have a free pass is likely a strategic and marketing decision to promote a robust extension ecosystem that will eventually positively impact the VS Code market share. We also believe that fixing the issues presented in this work is non-trivial and will require a complete re-design of the VS Code architecture while preserving the current functionality of the extensions.

B. Perils of Unchecked Execution

VS Code adopts a trust-based model in its extension ecosystem, characterized by broad access privileges granted to extensions. These privileges extend to potential interactions with the host system and network, all granted without any notice to the developer. Such sensitive access, while facilitating significant functional enhancement and customization capabilities, simultaneously introduces potential security risks, especially if the code is not properly vetted.

This operational paradigm of VS Code stands in stark contrast to the permission-based models employed in platforms like Android and Chrome. In these systems, explicit user permissions are a prerequisite for apps or extensions to access certain functionalities or data.

Upon installation, a VS Code extension typically gains unrestricted access to the VS Code API. This level of access can be perilous if the extension is either malicious or becomes compromised due to its vulnerabilities. Possible threats include arbitrary code execution, unauthorized file manipulation, and data theft or corruption. The unregulated access to APIs raises the possibility of extensions misusing these interfaces, performing actions well beyond their advertised scope. For instance, an extension ostensibly designed for code formatting could hypothetically access and modify unrelated files in the user's workspace or interact with other extensions in a manner not initially intended; we have found similar use cases in the current marketplace.

The following list is some of the sensitive API capabilities that are not guarded by any checks or permissions.

• Run potentially sensitive terminal commands.
• Modify source code or the commit history without any developer knowledge.
• Capture authentication tokens or credentials.
• Interfere with other installed extensions.
• Modify the behavior of the app during debugging.

The absence of any sort of permission in VS Code keeps developers completely in the dark about an extension's execution.

TABLE I
RESULTS OF THE VT ANALYSIS OF EXTENSIONS

| Min VT Positive Engine Count | Number of Extensions | Cumulative Install Count |
|---|---|---|
| 1 | 835 | 122,489,729 |
| 2 | 163 | 1,840,317 |
| 3 | 62 | 693,147 |
| 4 | 26 | 385,408 |

C. Third Party Dependencies

VS Code extensions, similar to standard Node.js applications, are capable of incorporating third-party Node.js dependencies. While this integration undoubtedly enhances flexibility and promotes the reuse of code, it also introduces a spectrum of security concerns. Literature has documented the escalation of security threats associated with third-party Node.js dependencies (npm) [41]–[44].

D. Network Requests

There is no specific built-in VS Code API for handling network requests. Extensions utilize various third-party Node.js packages to perform network operations. Network operations can be used for potential misuse like data exfiltration, downloading malicious payloads, or establishing command and control communication. axios, node-fetch, and request are Node.js packages commonly used for network requests in VS Code extensions.

E. Untrusted Workspaces

VS Code has a restricted mode where all extensions are blocked. For an extension to run in the restricted mode, it must have the untrustedWorkspaces.supported property (marker 4 in Listing 1) set to true. If it is false, the extension becomes non-operational in Restricted Mode until Workspace Trust is granted; if it is limited, the extension will be partially functional in Restricted Mode with certain features disabled. The default value will be false if there is no entry. Given that this is a flag the developer voluntarily sets, a malicious developer can set it to true so that the malicious extension can still be active in the restricted mode of VS Code. Our testing found 542 extensions with the property set as true.

F. Visual Studio Marketplace

The Visual Studio Marketplace, as the central hub for VS Code extensions, implements security measures to safeguard the integrity and safety of its extensions.

a) Virus Scanning: The marketplace has an extensive virus scanning protocol [30]. Every new submission and update undergoes a thorough virus scan before public release. Despite these scans, our analysis found dozens of potentially malicious extensions in the marketplace.

b) Preventing Name Squatting: The Marketplace also prevents "extension name squatting" [30] to protect users from deceptive practices where unauthorized parties use names similar to popular extensions. This measure is crucial for protecting users from downloading counterfeit extensions.

c) Publisher Verification: This confirms the publisher's authority over their domain, and verified publishers receive a badge in the Marketplace, denoting their verified status. However, we found that 7% of the extensions tagged for harmful content had the domain verified badge.

d) Reactive Protocols - Reporting and Kill List: In response to security threats, the Marketplace has removed such malicious extensions and implemented a "kill list". This list ensures that compromised extensions are automatically uninstalled from user environments.

G. Not so Helpful Extension Page

It's important to consider several key aspects that are often not explicitly detailed on the extension page:

• Many extensions do not provide specific information about their security or privacy practices. Concerned developers might appreciate knowing who is getting what data about them, their code, or the organization.
• It is vital that developers have full transparency on resource accesses before they make an informed decision to install an extension.
• Listing third-party dependencies is also critical to making an informed decision.

It is imperative that developers are given all the possible information to make informed decisions to make sure the development environment is not compromised.

VI. RESULTS

This section presents the results of our static and dynamic analysis of the 52,880 extensions. We aim to delineate the security risks, threats, practices, and any malicious usage identified in the extensions. These findings focus on aspects that could cause arbitrary damage to code, host systems, developers, or organizations.

A. Malicious Extensions

Extension File: Our primary discovery is identifying malicious extensions by analyzing VirusTotal (VT) data. Upon scrutinizing the VT results, we initially identified 835 extensions flagged as potentially harmful by at least one antivirus engine. However, for the scope of this research, we have adopted a stringent criterion for classifying an extension as malicious: it must be marked by a minimum of four engines on VirusTotal. This methodology is in line with the best practices recently advocated in the malware research community [45]. Table VI illustrates the results of our VirusTotal analysis.
TABLE II
OVERALL SUMMARY OF RESULTS BY THREAT MODEL AND SUSPICIOUS TYPE.

| Threat | Suspicious Type | Extension Count | Cumulative Install Count |
|---|---|---|---|
| Malicious | Degrading the Security Posture | 69 | 2,809,972 |
| Malicious | Critical File Access | 14 | 1,564,468 |
| Malicious | VT >= 4 Extensions | 26 | 385,408 |
| Malicious | VT >= 4 Network Requests | 8 | 6,239 |
| Malicious | Market Misuse | 42 | 254,232 |
| Malicious | Concealed Operations | 18 | 145,047 |
| Vulnerable | Extensions with CVEs | 2,620 | 51,952,070 |
| API & Privacy | Tracking | 49 | 3,107,508 |
| API & Privacy | Code Sharing | 108 | 560,666 |
| API & Privacy | Data Sharing | 15 | 504,835 |
| Total | | 2,969 | 61,290,445 |

TABLE IV
RESULTS OF SILENT EXTENSION INSTALLATION CASES.

| Cases of Silent Installation | Number of Extensions |
|---|---|
| Extensions that are installing other extensions | 4,317 |
| Extensions that are installed by other extensions | 4,618 |
| Chain extensions (E1 → E2 → E3) | 2,327 |
| With external connections (for 'installed by' cases) | 325 |
| VT Positive Cases (for 'installed by' cases) | 92 |
| CVE Positive Cases (for 'installed by' cases) | 325 |

Out of the 835 extensions initially flagged, we discovered that 667 had at least one previous version. Our analysis of these versions revealed that 102 extensions had at least one prior malicious version.

Network Request: During our dynamic analysis, we captured the network requests made by the extensions. We separated IPs and URLs from the dataset and applied a set of heuristics to filter them for further analysis. We filtered out all the local IP addresses from the IP set, resulting in 72 direct external IPs for further examination. Regarding the URLs, we extracted the domains and filtered them using the Cloudflare Radar [46] Top 50,000 Domains. We selected an exclude list from the Radar Top 50,000 Domains for further analysis, which yielded 493 URL domains in the dataset. We then submitted all filtered IPs and URLs to VirusTotal to obtain reports, which were analyzed to check for any malicious behavior associated with the IPs and URLs.

After the VT analysis, we found 8 recipients from 8 extensions with more than 3 VT engines flagging them as malicious (see Table III). Some of these extensions have a significant number of downloads, risking a sizable population of developers. We found nothing sensitive shared with those domains except for one domain receiving search terms.

TABLE III
EXTENSIONS COMMUNICATING WITH DOMAINS WITH VT COUNT GREATER THAN OR EQUAL TO 4

| Extension Name | Domain | Install Count |
|---|---|---|
| search-pawn-package | sampctl.com | 1,977 |
| FridaExtension | fridaplatform.online | 1,823 |
| OI Wiki | oi-wiki.org | 1,723 |
| Hey | hey.network | 559 |
| SnippetDrop | snippetdrop.com | 106 |
| Get rich overnight | gateio.ch | 27 |
| VSQuote | type.fit | 21 |
| Code Naming Conventions | openai-proxy.com | 3 |

B. Vulnerable Extensions

One of our principal findings stems from identifying vulnerable extensions through the Retire.js vulnerability scanning process. We discovered 54 distinct vulnerabilities, each associated with a CVE, within Node.js packages used by these extensions. The severity levels of these vulnerabilities are categorized as low (1), medium (34), and high (19). We identified 5,775 instances of these CVEs across 2,620 extensions with a cumulative install count of 151,952,070. Further analysis revealed that these CVEs originated from 28 unique Node.js packages. All VS Code extensions are installed in the ~/.vscode/extensions/ folder. If a developer has installed any of the above-mentioned vulnerable extensions, a malicious extension could access this folder, import vulnerable Node.js packages, and exploit them, potentially causing arbitrary damage to the code, host systems, developers, or organizations. We verified that 19 CVEs with a high severity level are exploitable via a demo VSCode extension that can import vulnerable Node.js packages from vulnerable extensions. Additionally, the ease with which malicious entities can access and install these vulnerable extensions exacerbates the issue. This lack of proactive alerts or guidance poses a significant risk, potentially exposing codebases, developers, host systems, and organizations to security threats inherent in these extensions.

C. Silent Extension Installation

We have discovered that in VS Code, extensions can install additional extensions through three different methods. These include specifying dependencies in the manifest file using extensionPack or extensionDependencies, and utilizing the VS Code Command API. A notable command within this API is vscode.commands.executeCommand, which can invoke workbench.extensions.installExtension. This function allows for the silent installation of extensions without the need for user consent. Our findings indicate that 4,317 extensions engage in this behavior, installing other extensions covertly. This includes the creation of extension chains (E1 → E2 → E3) and instances where an extension without external connections installs another with such connections. Crucially, we also examined extensions that silently install malicious or vulnerable extensions. Table IV provides a detailed overview of these silent extension installation cases with likely harmful content.
D. Suspicious Extensions

Degrading the Security Posture: In our VS Code API usage analysis of extensions, we identified several suspicious coding patterns that pose security risks. With the recent wave of supply chain attacks, much of the attention has shifted towards securing the development environment [14]. We found several cases where extensions severely degrade the security posture of the host machine, which affects not only the host but potentially the organization's security posture as well. The root cause is the lack of proper containment (sandboxing) for untrusted extensions in VS Code.

We found that 14 extensions directly access SSH private keys or cloud access tokens through their file paths; this is the most severe threat posed by malicious extensions. Access to SSH private keys and cloud access tokens has repercussions far beyond an individual's development machine: these credentials can be used to log into highly sensitive servers in the organization and to pollute production artifacts and/or update channels. Recent supply chain attacks have shown that attackers deliberately target developers to obtain such tokens; an extension that reads them directly achieves the same result with near certainty, which is dreadful.

Another severe threat is intentionally degrading the TLS configuration of the extension host process by setting process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0. This turns off TLS certificate validation, and because Node.js consults this variable for every TLS connection the process makes, it does so for every extension sharing that extension host, not just the one that set it. The result is exposure to man-in-the-middle attacks and potential data breaches. Our study found that 60 extensions contain this pattern, with a median install count of 314.5. To corroborate our findings, we conducted a dynamic analysis, which confirmed the risks posed by this practice. One notable case is 'Black Box' [47] (130,913 downloads), which interacts with the OpenAI API while disabling TLS certificate verification.

We identified eight extensions that implement local proxy servers to enhance their functionality. Such proxies are used primarily because they can circumvent the network security measures established in most corporate environments, such as firewalls, intrusion detection systems, and content filtering policies. A VS Code extension that sets up a local proxy thereby creates a backdoor through which data can be transferred in and out of the network without undergoing the standard scrutiny and security checks.

We also discovered that 329 extensions update the VS Code settings.json file, either through the API (vscode.workspace.getConfiguration(section).update(key, value)) or by modifying the settings.json file directly. This practice raises significant security risks: an extension can use it to turn off any security feature in VS Code, again without any developer's consent.

Data Sharing: Our dynamic analysis of 13 VS Code extensions revealed that a significant amount of data is transmitted over the internet.

VS Code extensions share a variety of information, including device specifics such as a unique device ID, language settings, screen dimensions, and timezone. Operating system (OS) details are also communicated, such as the username, hostname, OS name, architecture, version, and home directory path. Moreover, details about the working project are transmitted, such as the project name, directory, source code, and timestamps, along with analytics data that includes Google Analytics, workspace dependencies, user actions, GitHub account information, log events, and stack traces.

This kind of information in the hands of the wrong actors can be devastating for developers and organizations. Such metadata can reveal a great deal about proprietary developments that are yet to be released.

Tracking: Our investigation identified 46 extensions that actively monitor and transmit data regarding the user, device, project, session, coding time, user IP, user actions, commit logs, and session details. Alarmingly, 28 of these extensions fail to disclose their tracking practices to developers. The 'Code Time' extension [48] (425,386 downloads), which offers programming metrics, collects usernames, device hostnames, timezones, and detailed project directories alongside project names, all without the user's awareness.

Code Sharing: In the course of our research, we identified a total of 108 extensions within the VS Code ecosystem that share source code over the internet.

We discovered a wide range of code-sharing practices with external services. Notably, 78 extensions transmit code to public or private large language models (LLMs), two of them to locally run language model servers. Recently, a few cases have surfaced in which sensitive code was leaked to LLMs because of incorrect configuration. With an increasing number of extensions now using LLMs, it is worth noting that for almost all of them, developers have no control over which LLM the extension sends code to. Within this subset, 27 extensions provide some (limited) information about the recipients of this code on their VS Code Marketplace page. We also identified three extensions transmitting selected code to servers for synonym finding and 17 extensions sending code to translation APIs. Concerningly, several extensions in both groups (two in the former and 12 in the latter) lack explicit disclosure of the destinations of the transmitted code. By contrast, three extensions designed for code deployment clearly state the destination of the deployed code. In code snippet sharing, four extensions stand out because sharing code is their core functionality, with one using an encryption scheme for the source code. An extension that interacts with an online code playground and another intended for code vulnerability scanning do not adequately disclose their data-sharing practices on their marketplace pages.
Finally, an extension focused on variable naming, which transmits selected text without proper validation, is also reticent about the destination of this data. These findings underscore the diverse nature of code-sharing functionality among VS Code extensions, marked by varying degrees of transparency and leading to potential security and privacy concerns in the ecosystem.

Further, we found extensions transmitting personal information and logs over the internet. Of the 12 such extensions analyzed, 11 shared sensitive data, including stack traces with error logs, GitHub usernames, user emails, and extension logs, without prior disclosure to the developers. This is as concerning as code sharing, since stack traces and execution logs can still expose sensitive information.

Suspicious APIs: Our API analysis revealed that misuse of certain APIs can cause arbitrary damage to host codebases, developers, host systems, and organizations. We used dynamic analysis and runtime logs to verify the extent of API usage in suspicious extensions. Detailed information on these APIs is provided in Table V, which highlights the potential security risks associated with their misuse.

Concealed Operations: In our dynamic analysis, we observed several extensions with concealed activities. One extension redirected developers to a malicious webpage, leading to the installation of an unwanted browser plugin. Another extension enabled access to a private extension marketplace within VS Code. Moreover, our investigation revealed 12 extensions clandestinely downloading third-party libraries, command-line tools, and executables without obtaining user consent or providing any notification. In addition, we discovered three ext—ensions that stealthily start terminals within VS Code by passing the hideFromUser option to the createTerminal API, so that the terminal process runs without the user seeing it.

Network Capabilities: We discovered the F5 NIM extension [49] by F5DevCentral, an NGINX Instance Manager client with 1,502 installs. On the Visual Studio Code extension marketplace it is described as a tool for discovering and managing NGINX instances and configuration files. When a developer executes the "Start Scan" command to scan for NGINX instances, the extension launches an underlying network port scan, which is never explicitly mentioned.

Market Misuse: In our analysis, we encountered several instances indicative of marketplace misuse. We identified 16 extensions published predominantly for testing purposes, as evidenced by their lack of specific functionality and apparent experimental nature. Additionally, our investigation revealed 69 extensions presenting multiple identical versions, characterized by shared logos, identical descriptions, and only minor variations in titles or publishers, hinting at duplication. After analyzing the repository field in package.json, which contains the repository URL, we identified that 9,185 extensions were published without a repository. Of these, 75 extensions were flagged as malicious by VirusTotal (VT), and 142 were associated with known Common Vulnerabilities and Exposures (CVEs). Further analysis of the repository URLs revealed that 120 extensions were clones of other extensions. Furthermore, we observed four extensions that bundled Node modules, EXE and JAR files, and JRE folders, leading to abnormally large extension sizes, a concern we have labeled 'oversized extensions'.

VII. RELATED WORK

There is limited research on the security and privacy of IDEs and code editors, particularly concerning their plugins or extensions. Lin et al. [50] identified 716 dangerous data flows and 21 verified extension vulnerabilities with proof-of-concept exploits in VS Code extensions; their investigation did not cover the marketplace for malicious or suspicious extensions. David proposed implementing a permission system for VS Code extensions [51], but evaluated only 56 extensions and faced challenges in fully mapping npm package usage to specific permissions. Jin et al. [52] identify security vulnerabilities in the VS Code Markdown editor.

VS Code extensions are based on Node.js, and a few studies have investigated the security risks and vulnerabilities associated with Node.js packages [41]–[44]. The authors highlight issues such as a lack of regular updates, compromised dependency trees, and widespread vulnerabilities in npm packages.

Numerous studies have analyzed third-party integration tools for applications [12], [13], [53]–[55]. Authors have looked into different plugin architectures such as WordPress, team chat, and the Android marketplace.

Ladisa et al. scrutinize OSS supply chains, identifying their complexity as a source of security vulnerabilities [56]. Insights from 30 organizations are synthesized in [14], spotlighting challenges such as updating vulnerable dependencies and leveraging SBoMs for enhanced security. A study on the use of open source components (OSCs) in software projects reveals that their selection often depends on superficial metrics like downloads or GitHub stars, disregarding security [57]. The significance of Reproducible Builds (R-Bs) in software projects, particularly following the 2020 SolarWinds attack [2], is highlighted in [58].

There is an extensive corpus of literature on the analysis of malicious and vulnerable browser extensions [59]–[68]. Studies such as [69] and [70] use static analysis to identify extensions that potentially abuse privileges, including improper access to APIs and sensitive user data. Similarly, [71], [72], and [64] use static analysis to detect misuse of permissions.

VIII. DISCUSSION

We have analyzed 52,880 extensions and found 2,969 (5.61%) to be potentially harmful to the developer under five different categories. These extensions have a cumulative install count of 613 million, exposing a significant number of developers worldwide. With VS Code being the most popular IDE/code editor in the world [25], roughly 6% of marketplace extensions being likely harmful is a significant number. This work presents the first holistic analysis of the VS Code extension ecosystem.

Our analysis uncovered issues along two main axes: security of the host, the network, and the organization, as well as
problems of privacy and IP of the developer and the organization. The implications of a compromised extension with the ability to steal pretty much anything from the host machine are dangerous and require thorough examination before a real-world attack occurs. The SolarWinds supply chain attack [2] and the Microsoft key exposure [17] expose the ugly truth of being complacent about developer security.

TABLE V
ANALYSIS OF API MISUSE IN SUSPICIOUS EXTENSIONS. THIS TABLE DETAILS THE USAGE, NUMBER OF AFFECTED EXTENSIONS, AND MEDIAN INSTALLATION COUNTS FOR CRITICAL APIs THAT, WHEN MISUSED, CAN POSE SIGNIFICANT THREATS TO SYSTEM SECURITY.

API                                  Extension  Usage   Install Count  Summary
                                     Count      Count   (Median)
workspace.fs                           469      35,782      648        This file system API can read and write files. If misused, it could lead to unauthorized file access or modification.
workspace.createFileSystemWatcher      335       7,179    1,235        Monitoring file system changes can be exploited if the data is used maliciously.
workspace.applyEdit                    314       7,597      865        This can modify files in the workspace, posing a risk if used to make unauthorized edits.
workspace.findFiles                    230       5,947    1,041        This API can access various files within the workspace, which could potentially expose sensitive information.
window.activeTextEditor              1,136      73,073      287        Improper use of this API could lead to unauthorized access to or manipulation of the active text editor content.
window.createTerminal                  267       3,743      491        This API creates a terminal within VS Code with full access to the host machine. A potential risk is executing arbitrary commands through the terminal.
window.createWebviewPanel              681      17,488      346        Webviews can display arbitrary content, including potentially malicious HTML or JavaScript.
authentication.getSession              103       2,978      572        Accessing authentication sessions can pose risks if the session data is mishandled or exposed.
extensions.getExtension                488      11,559    1,252        Accessing details about installed extensions could be misused to target specific extensions or behaviors.
env.openExternal                       554      17,703      527        This API opens URLs or files in the default external application. If not properly validated, it could be exploited to open malicious links or files.
env.clipboard                          301       8,060      804        Access to the clipboard could lead to the exposure of sensitive data copied by the user.
env.sessionId, env.machineId,          254       9,702    5,972        These vscode.env properties provide system and session information which, if exposed, can be sensitive.
env.uiKind, env.remoteName,
env.appRoot, env.appHost

With the recent high-profile wave of IP theft and supply chain attacks, having untrusted extension code roaming in the host with unparalleled access should be a nightmare for organizations and developers. These unintended identity leaks can lead to sophisticated spear phishing or, even worse, targeted attacks on the host to steal code or other sensitive materials. With extensions executing high-severity vulnerable code with unchecked capabilities, these extensions themselves could be weaponized for IP theft, geopolitical advantage, or criminal gangs. The first and foremost step would be to educate developers and get the relevant stakeholders to act on it.

Security and privacy literature has focused on consumer and organizational security and privacy. It is high time that we also devote our focus to developer security. The literature has looked into secure CI/CD [12], [13] and secure update channels [14], but threat vectors such as developer extensions are usually overlooked. As the analysis suggests, developer tools and extensions present an equally important threat vector to be concerned with. The current analysis opens up two avenues for further examination: a secure extension/tool architecture with visibility, and the ability to audit.

Microsoft's VS Code team has known about the potential dangers of the current extension architecture since 2018 [40]. The online documentation suggests their design choices were largely based on creating a capable extension ecosystem with minimal restrictions [38]. This is a sensible decision for creating a vibrant ecosystem; still, security has to be a critical factor in designing the architecture. It raises the question of Microsoft's inaction for five years, potentially underestimating the grave ramifications.

Moving forward, the solution must be multi-faceted: how can VS Code create a highly capable extension architecture with correct checks and guards following defense-in-depth and least-privilege principles, and how can the developer make informed decisions before installing extensions? The solution should guard different capabilities with permission-guarded APIs so that the developer is also in the loop during execution. The VS Code marketplace should also have a strict structure (as in the Google Play Store) with permission and capability information so that developers can comprehend an extension before deciding which tool to pick.

This work also calls for more developer studies to understand developers' privacy and security expectations while using developer tools. There are many lessons to be learned from the Android permission literature [73]–[75] on understanding different contexts and approaches to effectively seek permission before granting access to sensitive information. Developers are likely to have an opinion on when they want to be prompted for permissions, under what contexts, for what types of capabilities, etc. Developers are also likely to want to
have an audit mechanism where they can go back, audit extension history, and change their future behavior at a finer level. All of these are major changes that will considerably affect the extension ecosystem. Thus, other factors such as adoption, usability, and retention will come into play in any decision around revamping the current extension architecture.

In conclusion, our analysis reveals that developer extensions pose a credible threat to the developer, the code, the host computer, and the organization. The analysis uncovers five types of questionable behavior: (a) developers have minimal visibility into what extensions are accessing behind VS Code, (b) extensions have unchecked access to the code and the host computer, (c) some extensions purposely degrade the host computer's security posture, opening up the possibility of getting hacked, (d) extensions share sensitive developer information, code, execution logs, and stack traces over the internet, and (e) some extensions are either very likely malicious or riddled with vulnerabilities. The work analyzed 52,000+ VS Code extensions, and 5.6% of them show suspicious behavior, potentially putting the developers behind over 500 million installs at risk.

ACKNOWLEDGMENTS

This work is supported by the Australian Research Council Discovery Project (DP210102761).

REFERENCES

[1] K. Thompson, "Reflections on trusting trust," Communications of the ACM, 1984.
[2] Reuters, "SolarWinds attack," https://www.reuters.com/technology/exclusive-wide-ranging-solarwinds-probe-sparks-fear-corporate-america-2021-09-10/, 2021.
[3] Security Magazine, "Rapid7 attack," https://www.securitymagazine.com/articles/95236-rapid7-victim-of-a-software-supply-chain-breach, 2021.
[4] DarkReading, "Dragonfly attack," https://www.darkreading.com/attacks-breaches/pharmaceuticals-not-energy-may-have-been-true-target-of-dragonfly-energetic-bear, 2021.
[5] Yahoo Finance, "Juniper attack," https://finance.yahoo.com/news/juniper-breach-mystery-starts-clear-130016591.html, 2022.
[6] S. Peisert, B. Schneier, H. Okhravi, F. Massacci, T. Benzel, C. Landwehr, M. Mannan, J. Mirkovic, A. Prakash, and J. B. Michael, "Perspectives on the SolarWinds incident," IEEE Security & Privacy, 2021.
[7] CrowdStrike, "CrowdStrike Falcon platform identifies supply chain attack via a trojanized Comm100 chat installer." [Online]. Available: https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/
[8] D. Spinellis, "Reflections on trusting trust revisited," Communications of the ACM, 2003.
[9] S. Bratus, T. Darley, M. E. Locasto, M. L. Patterson, R. Shapiro, and A. Shubina, "Beyond planted bugs in "trusting trust": The input-processing frontier," IEEE Security & Privacy, 2014.
[10] E. Levy, "Poisoning the software supply chain," IEEE Security & Privacy, 2003.
[11] "Apache Log4j security vulnerabilities," https://logging.apache.org/log4j/2.x/security.html, accessed 01-August-2024.
[12] I. Koishybayev, A. Nahapetyan, R. Zachariah, S. Muralee, B. Reaves, A. Kapravelos, and A. Machiry, "Characterizing the security of GitHub CI workflows," in 31st USENIX Security Symposium (USENIX Security 22), 2022.
[13] F. Moriconi, A. I. Neergaard, L. Georget, S. Aubertin, and A. Francillon, "Reflections on trusting Docker: Invisible malware in continuous integration systems," in IEEE Security and Privacy Workshops (SPW), 2023.
[14] W. Enck and L. Williams, "Top five challenges in software supply chain security: Observations from 30 industry and government organizations," IEEE Security and Privacy, 2022.
[15] F. Fischer, K. Böttinger, H. Xiao, C. Stransky, Y. Acar, M. Backes, and S. Fahl, "Stack Overflow considered harmful? The impact of copy&paste on Android application security," in 2017 IEEE Symposium on Security and Privacy (SP), 2017.
[16] Y. Acar, M. Backes, S. Fahl, D. Kim, M. L. Mazurek, and C. Stransky, "You get where you're looking for: The impact of information sources on code security," in 2016 IEEE Symposium on Security and Privacy (SP), 2016.
[17] R. Satter, "Microsoft says compromise of its engineer's account led to Chinese hack of US officials," Reuters, 2023.
[18] "Can you trust your VS Code extensions?" Accessed 01-August-2024. [Online]. Available: https://blog.aquasec.com/can-you-trust-your-vscode-extensions
[19] "Malicious VS Code extensions with more than 45k downloads steal PII and enable backdoors." Accessed 01-August-2024. [Online]. Available: https://blog.checkpoint.com/securing-the-cloud/malicious-vscode-extensions-with-more-than-45k-downloads-steal-pii-and-enable-back
[20] VirusTotal. Accessed: 08/01/2024. [Online]. Available: https://www.virustotal.com/
[21] Retire.js GitHub repository. Accessed: 08/01/2024. [Online]. Available: https://github.com/RetireJS/retire.js
[22] Visual Studio Code. Accessed: 08/01/2024. [Online]. Available: https://code.visualstudio.com/
[23] Electron. Accessed: 08/01/2024. [Online]. Available: https://www.electronjs.org/
[24] Chromium. Accessed: 08/01/2024. [Online]. Available: https://www.chromium.org/Home/
[25] Stack Overflow Developer Survey 2023. Accessed: 08/01/2024. [Online]. Available: https://survey.stackoverflow.co/2023/#section-most-popular-technologies-integrated-development-environment
[26] Visual Studio Code - extension manifest. Accessed: 08/01/2024. [Online]. Available: https://code.visualstudio.com/api/references/extension-manifest
[27] Visual Studio Code, "Workspace trust - restricted mode," https://code.visualstudio.com/docs/editor/workspace-trust#restricted-mode.
[28] Visual Studio Code API reference - VS Code API. Accessed: 08/01/2024. [Online]. Available: https://code.visualstudio.com/api/references/vscode-api
[29] Visual Studio Code Marketplace. Accessed: 08/01/2024. [Online]. Available: https://marketplace.visualstudio.com/vscode
[30] Visual Studio Code documentation: Can I trust extensions from the marketplace? Accessed: 08/01/2024. [Online]. Available: https://code.visualstudio.com/docs/editor/extension-marketplace#can-i-trust-extensions-from-the-marketplace
[31] Working with extensions - publishing extension (section: Verify a publisher). Accessed: 08/01/2024. [Online]. Available: https://code.visualstudio.com/api/working-with-extensions/publishing-extension#verify-a-publisher
[32] Visual Studio Code documentation: Robust and extensible architecture. Accessed: 08/01/2024. [Online]. Available: https://code.visualstudio.com/docs/editor/whyvscode#robust-and-extensible-architecture
[33] MITRE CVE. Accessed: 08/01/2024. [Online]. Available: https://cve.mitre.org/
[34] A. Cortesi, M. Hils, T. Kriechbaumer, and contributors, "mitmproxy: A free and open source interactive HTTPS proxy," 2010–, [Version 10.1]. [Online]. Available: https://mitmproxy.org/
[35] Visual Studio Code GitHub repository. Accessed: 08/01/2024. [Online]. Available: https://github.com/microsoft/vscode/tree/release/1.80
[36] V8 JavaScript engine. Accessed: 08/01/2024. [Online]. Available: https://v8.dev/
[37] M. Backes, S. Bugiel, C. Hammer, O. Schranz, and P. von Styp-Rekowsky, "Boxify: Full-fledged app sandboxing for stock Android," in 24th USENIX Security Symposium (USENIX Security 15), 2015.
[38] VS Code sandboxing - the new sandbox feature. Accessed: 08/01/2024. [Online]. Available: https://code.visualstudio.com/blogs/2022/11/28/vscode-sandbox
[39] Electron process model: The utility process. Accessed: 08/01/2024. [Online]. Available: https://www.electronjs.org/docs/latest/tutorial/process-model#the-utility-process
[40] Visual Studio Code issue: [feature request] extension permissions, security sandboxing & update management proposal. Accessed: 08/01/2024. [Online]. Available: https://github.com/microsoft/vscode/issues/52116
[41] A. Decan, T. Mens, and E. Constantinou, "On the impact of security vulnerabilities in the npm package dependency network," in Proceedings of the 15th International Conference on Mining Software Repositories, 2018.
[42] M. Zimmermann, C.-A. Staicu, C. Tenny, and M. Pradel, "Small world with high risks: A study of security threats in the npm ecosystem," in 28th USENIX Security Symposium (USENIX Security 19), 2019.
[43] B. Pfretzschner and L. ben Othmane, "Identification of dependency-based attacks on Node.js," in Proceedings of the 12th International Conference on Availability, Reliability and Security, 2017.
[44] A. Zerouali, T. Mens, A. Decan, and C. De Roover, "On the impact of security vulnerabilities in the npm and RubyGems dependency networks," Empirical Software Engineering, 2022.
[45] S. Zhu, J. Shi, L. Yang, B. Qin, Z. Zhang, L. Song, and G. Wang, "Measuring and modeling the label dynamics of online anti-malware engines," in 29th USENIX Security Symposium (USENIX Security 20), 2020.
[46] Cloudflare Radar. Accessed: 08/01/2024. [Online]. Available: https://radar.cloudflare.com/
[47] Visual Studio Marketplace, "Black Box - Visual Studio Marketplace," https://marketplace.visualstudio.com/items?itemName=nikhilmjeby.black-box, 2021.
[48] Software.com, "Code Time," https://marketplace.visualstudio.com/items?itemName=softwaredotcom.swdc-vscode, 2018.
[49] F5 NIM. Accessed: 08/01/2024. [Online]. Available: https://marketplace.visualstudio.com/items?itemName=F5DevCentral.vscode-nim
[50] E. Lin, I. Koishybayev, T. Dunlap, W. Enck, and A. Kapravelos, "UntrustIDE: Exploiting weaknesses in VS Code extensions," in 31st Annual Network and Distributed System Security Symposium (NDSS 2024), 2024.
[51] Å. David, "Implementation and evaluation of an emulated permission system for VS Code extensions using abstract syntax trees," 2021.
[52] Z. Jin, S. Chen, Y. Chen, H. Duan, J. Chen, and J. Wu, "A security study about Electron applications and a programming methodology to tame DOM functionalities," in 30th Annual Network and Distributed System Security Symposium (NDSS 2023), 2023.
[53] R. P. Kasturi, J. Fuller, Y. Sun, O. Chabklo, A. Rodriguez, J. Park, and B. Saltaformaggio, "Mistrust plugins you must: A large-scale study of malicious plugins in WordPress marketplaces," in 31st USENIX Security Symposium (USENIX Security 22), 2022.
[62] A. Kapravelos, C. Grier, N. Chachra, C. Kruegel, G. Vigna, and V. Paxson, "Hulk: Eliciting malicious behavior in browser extensions," in 23rd USENIX Security Symposium (USENIX Security 14), 2014.
[63] S. Bandhakavi, N. Tiku, W. Pittman, S. T. King, P. Madhusudan, and M. Winslett, "Vetting browser extensions for security vulnerabilities with VEX," Commun. ACM, 2011.
[64] Y. Ling, K. Wang, G. Bai, H. Wang, and J. S. Dong, "Are they toeing the line? Diagnosing privacy compliance violations among browser extensions," in Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, 2023.
[65] N. Jagpal, E. Dingle, J.-P. Gravel, P. Mavrommatis, N. Provos, M. A. Rajab, and K. Thomas, "Trends and lessons from three years fighting malicious extensions," in 24th USENIX Security Symposium (USENIX Security 15), 2015.
[66] A. Aggarwal, B. Viswanath, L. Zhang, S. Kumar, A. Shah, and P. Kumaraguru, "I spy with my little eye: Analysis and detection of spying browser extensions," in IEEE European Symposium on Security and Privacy (EuroS&P), 2018.
[67] X. Li, B. A. Azad, A. Rahmati, and N. Nikiforakis, "Good bot, bad bot: Characterizing automated browsing activity," in IEEE Symposium on Security and Privacy (SP), 2021.
[68] P. Picazo-Sanchez, B. Eriksson, and A. Sabelfeld, "No signal left to chance: Driving browser extension analysis by download patterns," in Proceedings of the 38th Annual Computer Security Applications Conference, 2022.
[69] N. Pantelaios, N. Nikiforakis, and A. Kapravelos, "You've changed: Detecting malicious browser extensions through their update deltas," in Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020.
[70] D. F. Somé, "EmPoWeb: Empowering web applications with browser extensions," in IEEE Symposium on Security and Privacy (SP), 2019.
[71] L. F. DeKoven, S. Savage, G. M. Voelker, and N. Leontiadis, "Malicious browser extensions at scale: Bridging the observability gap between web site and browser," in 10th USENIX Workshop on Cyber Security Experimentation and Test (CSET 17), 2017.
[72] A. Guha, M. Fredrikson, B. Livshits, and N. Swamy, "Verified security for browser extensions," in IEEE Symposium on Security and Privacy (SP), 2011.
[73] A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner, "Android permissions: User attention, comprehension, and behavior," in Proceedings of the Eighth Symposium on Usable Privacy and Security, 2012.
[74] A. P. Felt, S. Egelman, M. Finifter, and D. Wagner, "How to ask for permission," in 7th USENIX Workshop on Hot Topics in Security (HotSec 12), 2012.
[75] A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, "Android permissions demystified," in Proceedings of the 18th ACM Conference
[54] M. Zha, J. Wang et al., “Hazard integrated: Understanding the security on Computer and Communications Security, 2011.
risks of app extensions on team chat systems,” in Network and Dis-
tributed Systems Security Symposium, 2022.
[55] Y. Shen, P.-A. Vervier, and G. Stringhini, “A large-scale temporal
measurement of android malicious apps: Persistence, migration, and
lessons learned,” in 31st USENIX Security Symposium (USENIX Security
22), 2022.
[56] P. Ladisa, H. Plate, M. Martinez, and O. Barais, “Sok: Taxonomy of
attacks on open-source software supply chains,” in IEEE Symposium on
Security and Privacy (SP), 2023.
[57] D. Wermke, J. H. Klemmer, N. Wöhler, J. Schmüser, H. S. Ramulu,
Y. Acar, and S. Fahl, “”always contribute back”: A qualitative study
on security challenges of the open source supply chain,” in IEEE
Symposium on Security and Privacy (SP), 2023.
[58] M. Fourné, D. Wermke, W. Enck, S. Fahl, and Y. Acar, “It’s like flossing
your teeth: On the importance and challenges of reproducible builds for
software supply chain security,” in IEEE Symposium on Security and
Privacy (SP), 2023.
[59] I. Sanchez-Rola, I. Santos, and D. Balzarotti, “Extension breakdown:
Security analysis of browsers extension resources control policies,” in
26th USENIX Security Symposium (USENIX Security 17), 2017.
[60] Q. Chen and A. Kapravelos, “Mystique: Uncovering information leakage
from browser extensions,” in Proceedings of the 2018 ACM SIGSAC
Conference on Computer and Communications Security, 2018.
[61] A. S. Buyukkayhan, K. Onarlioglu, W. K. Robertson, and E. Kirda,
“Crossfire: An analysis of firefox extension-reuse vulnerabilities.” in
NDSS, 2016.
