{"id":230481,"date":"2026-02-04T05:20:37","date_gmt":"2026-02-04T11:20:37","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/02\/eclipse-foundation-mandates-pre-publish-security-checks-for-open-vsx-extensions"},"modified":"2026-02-04T05:20:37","modified_gmt":"2026-02-04T11:20:37","slug":"eclipse-foundation-mandates-pre-publish-security-checks-for-open-vsx-extensions","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/02\/eclipse-foundation-mandates-pre-publish-security-checks-for-open-vsx-extensions","title":{"rendered":"Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions"},"content":{"rendered":"<p style=\"padding-right: 20px\"><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/eclipse-foundation-mandates-pre-publish-security-checks-for-open-vsx-extensions2.jpg\"><\/a><\/p>\n<p>The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats.<\/p>\n<p>The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don\u2019t end up getting published on the Open VSX Registry.<\/p>\n<p>\u201cUp to now, the Open VSX Registry has relied primarily on post-publication response and investigation. When a bad extension is reported, we investigate and remove it,\u201d Christopher Guindon, director of software development at the Eclipse Foundation, <a href=\"https:\/\/blogs.eclipse.org\/post\/christopher-guindon\/strengthening-supply-chain-security-open-vsx\" rel=\"noopener\" target=\"_blank\">said<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don\u2019t end up [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1492],"tags":[],"class_list":["post-230481","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/230481","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=230481"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/230481\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=230481"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=230481"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=230481"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}