Progress update on VSCode news: Material Theme was removed after developers reported malicious code, prompting a temporary takedown from the Visual Studio Marketplace.
Mattia Astorino, the creator of the theme @equinusocio, confirmed that there was no malicious intent behind the code embedded in the theme. The lack of updates for an extended period raised suspicions from Microsoft, with questionable code coming from scripts creating JSON files in an obfuscation process using an outdated library from sanity.io since 2016.
Most recently, Scott Hanselman, Microsoft’s representative, publicly apologized to Astorino on GitHub, stating that this was a false positive alert. Microsoft admitted to rushing the investigation and drawing incorrect conclusions. Lessons learned include clearer guidelines on obfuscation and updating code scanning tools to prevent such issues in the future. The theme has now been reinstated.
Source: Microsoft GitHub, BleepingComputer
TLDR: VSCode’s Material Theme removed temporarily due to suspicions of malicious code, reinstated after clarification and apology from Microsoft.
Leave a Comment