Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry.
“The pipeline had a single boolean return value that meant both ‘no scanners are configured’ and ‘all scanners failed to run,’” Koi
“The pipeline had a single boolean return value that meant both ‘no scanners are configured’ and ‘all scanners failed to run,’” Koi







![[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks](https://encircle-it.com/wp-content/uploads/2026/04/webinar-stop-guessing-learn-to-validate-your-defenses-against-real-attacks.jpg)


