CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Eclipse Foundation Implements Pre-Publish Security Checks for Open VSX Extensions

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

The Eclipse Foundation is introducing mandatory pre-publish security checks for extensions submitted to the Open VSX Registry. This shift from a reactive to a proactive approach aims to prevent malicious extensions from being published and to combat supply chain threats. The new checks will flag impersonation, exposed credentials, and known malicious patterns, with enforcement beginning in March 2026 after a February 2026 trial period. The move follows increasing attacks on open-source package registries and extension marketplaces, including recent incidents of compromised publisher accounts and poisoned updates.

Timeline

  1. 04.02.2026 08:26 1 articles · 16h ago

    Eclipse Foundation to Enforce Pre-Publish Security Checks for Open VSX Extensions

    The Eclipse Foundation will enforce pre-publish security checks for extensions submitted to the Open VSX Registry, starting in March 2026. The checks will flag impersonation, exposed credentials, and known malicious patterns, with a trial period in February 2026 to fine-tune the system and reduce false positives. This move aims to prevent malicious extensions from being published and to combat supply chain threats.

    Show sources
    Open in new tab

Information Snippets