The VSCode Marketplace is pretty easy to hack with malicious extensions

VSCode Marketplace, a repository for Visual Studio Code (VSC) externsions, has poor security defenses, allowing threat actors to abuse it and distribute malicious code among the millions of its users, experts have warned.

A report from AquaSec tested the platform and concluded that abusing it to distribute malware (opens in new tab) was ridiculously easy.