npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@trailofbits/vsix-audit

v0.1.3

Published

Security scanner for VS Code extensions

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

trailofbits-developerstrailofbits-developersbsamuels.tobbsamuels.tobdguidodguidobohendobohendo

Keywords

auditscannersecuritytrail-of-bitsvscodevsix

Readme

vsix-audit

Security scanner for VS Code extensions. Detects malicious extensions before installation by analyzing code patterns, indicators of compromise, and known malware signatures.

The Problem

VS Code extensions run with full trust and the same permissions as the editor itself. Malicious extensions have been found in both the official Microsoft marketplace and OpenVSX:

  • Credential theft - SSH keys, browser cookies, password manager databases
  • Cryptocurrency theft - Wallet files, clipboard hijacking for addresses
  • Source code exfiltration - Stealing proprietary code via Discord webhooks
  • Cryptominers and RATs - CoinIMP miners, ScreenConnect RATs, multi-stage loaders
  • Self-propagation - GlassWorm spread by modifying installed extensions

Detection Modules

The scanner runs 6 detection modules against each extension:

Package Analysis (package.ts)

Examines package.json and extension manifest for suspicious configurations.

| Check | What It Detects | Severity | | ---------------------- | ------------------------------------------------------------------------------- | --------------- | | Blocklist | Extension ID matches known malicious extensions | Critical | | Wildcard activation | activationEvents: ["*"] - runs on every action | High | | Startup activation | onStartupFinished - runs at VS Code launch | Medium | | Theme with code | Theme extension that has a main entry point | High | | Malicious npm packages | Dependencies matching known malware packages | Critical | | Typosquatting | Dependencies within edit distance 1-2 of popular packages (lodash, axios, etc.) | High | | Lifecycle scripts | preinstall/postinstall scripts with suspicious patterns | Critical/Medium |

Indicators of Compromise (ioc.ts)

Matches against curated threat intelligence from zoo/iocs/.

| Check | Detection Method | Severity | | -------------- | ------------------------------------------------------------------- | -------- | | Malware hashes | SHA256 hash of files matches known samples | Critical | | C2 domains | Domain extraction matched against blocklist | Critical | | C2 IPs | IPv4 extraction (excludes private ranges) matched against blocklist | Critical | | Crypto wallets | BTC (legacy/SegWit/Bech32), ETH, Monero, Solana address patterns | High |

AST Analysis (ast.ts)

OXC-based parsing to detect structural patterns that regex can't catch.

| Rule | What It Detects | Severity | | -------------------------- | ------------------------------------------------ | -------- | | AST_EVAL_DYNAMIC | eval(variable) - non-literal argument | High | | AST_FUNCTION_CONSTRUCTOR | new Function(string) - runtime code generation | High | | AST_DYNAMIC_REQUIRE | require(variable) - computed module loads | Medium | | AST_DYNAMIC_IMPORT | import(variable) - computed dynamic imports | Medium | | AST_PROCESS_BINDING | process.binding() - Node.js internals access | High | | AST_GLOBAL_THIS_EVAL | globalThis.eval - indirect eval access | High |

Obfuscation Detection (obfuscation.ts)

Detects obfuscation techniques used to hide malicious intent.

| Rule | Detection Method | Severity | | -------------------------- | ----------------------------------------------------------------- | -------- | | OBFUSCATION_HIGH_ENTROPY | Shannon entropy >5.5 bits/char (200-char windows) | Medium | | ZERO_WIDTH_CHARS | Zero-width spaces/joiners hiding code (U+200B-200D) | High | | VARIATION_SELECTOR | GlassWorm-style hidden data in variation selectors (U+FE00-FE0F) | Critical | | BIDI_OVERRIDE | Trojan Source attacks using bidirectional overrides (U+202A-202E) | Critical | | UNICODE_ASCII_ESCAPE | \u00XX escapes for normal ASCII chars (obfuscation) | Medium | | CYRILLIC_HOMOGLYPH | Cyrillic letters that look like Latin (а/a, е/e, с/c) | High | | OTHER_INVISIBLE_CHARS | Soft hyphens, combining marks, format controls | Medium | | INVISIBLE_CODE_EXECUTION | Invisible chars near eval/Function/exec | Critical |

JavaScript obfuscation patterns (hex variables, fromCharCode arrays, eval+decode, packers) are now detected via YARA rules for better accuracy.

YARA Rules (yara.ts)

External YARA-X engine for complex pattern matching. Rules loaded from zoo/signatures/yara/. Requires yr CLI (brew install yara-x).

| Rule File | Detects | | ----------------------------- | -------------------------------------------------------------- | | blockchain_c2.yar | Solana RPC C2, memo parsing, blockchain-based command channels | | code_execution.yar | eval, Function constructor, child_process patterns | | credential_harvesting.yar | NPM/GitHub/SSH credential theft, .npmrc access | | crypto_wallet_targeting.yar | MetaMask, Phantom, Exodus wallet extension targeting | | data_exfiltration.yar | Discord webhooks, SSH key theft, browser data exfil | | google_calendar_c2.yar | Google Calendar API abuse for C2 communication | | multi_stage_attacks.yar | Dropper chains, reverse shells, keylogger patterns | | obfuscation_patterns.yar | Hex variables, fromCharCode, packed/encoded code | | powershell_attacks.yar | Hidden windows, -ExecutionPolicy Bypass, AMSI evasion | | rat_capabilities.yar | SOCKS proxy, VNC, remote command execution | | self_propagation.yar | GlassWorm-style worm propagation via extension modification | | unicode_stealth.yar | Invisible Unicode, variation selectors, homoglyphs |

Telemetry Detection (telemetry.ts)

Detects when extensions send data to external analytics, crash-reporting, or APM services.

| Check | What It Detects | Severity | | --------------- | ----------------------------------------------------------------- | ------------- | | SDK imports | Known telemetry packages (Sentry, Mixpanel, PostHog, AppInsights) | High/Medium | | Endpoint URLs | URLs matching known telemetry services from zoo/telemetry/ | High/Medium | | Telemetry paths | API paths like /collect, /track, /ingest, /metrics | High/Medium | | Data collection | Patterns near telemetry code (machine_id, user_id, file_paths) | Informational |

Opt-out detection: Severity is reduced from High to Medium when extensions respect user preferences:

  • vscode.env.isTelemetryEnabled - VS Code's global telemetry setting
  • Manifest configuration - Extension exposes a telemetry toggle setting
  • Code conditional - Checks a user preference before sending

Triage-Friendly Output

Every finding includes context to help quickly determine if it's a real threat:

  • Legitimate uses - Why this pattern exists in benign extensions
  • Red flags - What makes the same pattern suspicious in context
  • Severity - Critical/high/medium/low based on risk and intent signals
  • Location - File path and line number for the match

The goal is rich context for human/agent review, not just pass/fail.

Installation

npm install -g vsix-audit

Requires Node.js 22 or later.

Usage

Commands

Scan an extension for security issues:

vsix-audit scan ./extension.vsix
vsix-audit scan publisher.extension-name
vsix-audit scan openvsx:publisher.extension-name

Download an extension for offline analysis:

vsix-audit download ms-python.python
vsix-audit download [email protected] -o ./downloads
vsix-audit download openvsx:redhat.java

Show extension metadata:

vsix-audit info ./extension.vsix
vsix-audit info ./extension-folder

Displays: name, publisher, version, activation events, entry points, contributions, dependencies, file count, and size.

Registry Prefixes

| Prefix | Registry | | -------------- | ------------------------------ | | (none) | VS Code Marketplace (default) | | marketplace: | VS Code Marketplace (explicit) | | openvsx: | Open VSX Registry | | cursor: | Cursor Extension Marketplace |

Scan Options

| Option | Description | | ------------------------ | -------------------------------------------------------------------------------- | | -o, --output <format> | Output format: text, json, or sarif (default: text) | | -s, --severity <level> | Minimum severity to report: low, medium, high, critical (default: low) | | -r, --recursive | Recursively scan all .vsix files in a directory | | -j, --jobs <n> | Number of parallel scans (default: 4, used with --recursive) | | --no-network | Disable network-based checks | | --no-cache | Bypass cache, download fresh | | --force | Re-download even if cached | | --all-registries | Scan from all registries (Marketplace + OpenVSX + Cursor) |

Extension Cache

Downloaded extensions are cached for faster subsequent scans:

| Platform | Cache Location | | -------- | ------------------------------------------------------- | | macOS | ~/Library/Caches/vsix-audit/ | | Linux | $XDG_CACHE_HOME/vsix-audit/ or ~/.cache/vsix-audit/ |

Extensions are organized by registry (marketplace/, openvsx/, cursor/).

Cache management commands:

vsix-audit cache path              # Print cache directory
vsix-audit cache list [--json]     # List cached extensions
vsix-audit cache clear [pattern]   # Clear cache (optional glob pattern)
vsix-audit cache info <ext-id>     # Show cached versions

Examples:

# First scan downloads to cache
vsix-audit scan ms-python.python
# → Downloaded ~/.cache/vsix-audit/marketplace/ms-python.python-2024.1.0.vsix

# Second scan uses cache
vsix-audit scan ms-python.python
# → Using cached ~/.cache/vsix-audit/marketplace/ms-python.python-2024.1.0.vsix

# Force re-download
vsix-audit scan --force ms-python.python

# Bypass cache entirely
vsix-audit scan --no-cache ms-python.python

# Clear specific extensions
vsix-audit cache clear ms-python.*

Output Formats

Text (default) - Human-readable report for terminal output.

JSON - Machine-readable results for integration with other tools.

SARIF - Static Analysis Results Interchange Format for CI/CD integration.

Exit Codes

| Code | Meaning | | ---- | ----------------- | | 0 | No findings | | 1 | Findings detected | | 2 | Error during scan |

Threat Intelligence

The zoo/ directory contains threat intelligence for detection:

| Directory | Contents | | ----------------- | --------------------------------------------------------------------- | | zoo/blocklist/ | Known malicious extension IDs with campaign attribution | | zoo/iocs/ | SHA256 hashes, C2 domains/IPs, crypto wallets, malicious npm packages | | zoo/signatures/ | YARA rules for credential harvesting, RAT behavior, self-propagation | | zoo/telemetry/ | Known telemetry service domains (analytics, crash-reporting, APM) |

IOCs sourced from: GlassWorm, Evelyn, TigerJack, OctoRAT, WhiteCobra, Shiba, MUT-9332, FAMOUS CHOLLIMA, ReversingLabs-Dec2025

Malware Samples (for development)

Malware samples are in a separate private repository (trailofbits/vsix-zoo) to avoid Dependabot alerts and AV triggers.

# Clone the samples repo (requires access)
git clone [email protected]:trailofbits/vsix-zoo.git ../vsix-zoo

# Run tests with samples
VSIX_ZOO_PATH=../vsix-zoo/samples npm test

Development

git clone https://github.com/trailofbits/vsix-audit.git
cd vsix-audit
npm install
prek install   # pre-commit hooks
npm run check  # typecheck + lint + test

License

AGPL-3.0