Supply chain attacks really worry me. I do most of my work in docker containers partly as a small attempt to mitigate this. I run the full stack in the container, including Claude Code, Neovim, Postgres, etc.
I do have a fair number of Neovim plugins on my host machine, and a number of Arch packages that I probably could do without.
I’ve considered keeping my host’s Neovim vanilla, but telescope is hard to live without.
You know you are in a cycle when some new software/paradigm brings new solutions and approaches while it forgets about basic stuff already implemented for ages by prior solutions. It's basically like an adolescent.
I guess this is how we evolve?
Am I understanding right the extension was free to download code from internet and execute with enough rights to scan the user's disk? That is wild. Does this mean every company is one bad extension install away from having its entire codebase stolen or worse?
I naively assumed the extensions were 'sandboxed' to some degree.
1. Be aware of remote code downloading and execution. VSC extensions are remote code. Try to find out if you trust the source. I trust Debian repos, I certainly do not trust the VSC marketplace.
2. Know the policies around sandboxing. VSC is not a browser, and does no sandboxing at all.
3. Containerize or virtualize the application. If you're on Linux, always use Flatpak. Deny all filesystem permissions except for your root source code directory. This goes for browsers, too. Ideally they should support xdg-download and then have zero file permissions at all - otherwise, only grant ~/Downloads. Don't want a zero-day stealing your files.
4. Keep sensitive data in a separate, encrypted place. On Linux, you can use KDE vaults.
In a perfect world, we wouldn't be downloading and running remote code at all. But for practically, this is untenable. I have JS enabled in my browser. Our best bet is limiting the blast radius when things go south.
But this is not about Cursor. It's a supply chain attack, and a Windows machine running a software wallet. A hardware wallet would make this impossible.
> The developer was well aware of the cybersecurity risks associated with crypto transactions, so he was vigilant and carefully reviewed his every step while working online.
This incident really underscores how AI-powered dev tools, which rely on open-source extension registries like Open VSX, can be weaponized via supply chain abuse. A $500k crypto heist via a bogus “syntax highlighter” signals a scary maturity in these attacks.
Ranking manipulation, using recency and inflated download counts, to outrank the legitimate Solidity package is a clever exploit of how developers search. It makes me wonder: should IDEs start validating package authorship or offer signed extensions as a default?
Also, the fact that this happened on a freshly imaged system with no antivirus suggests we need to rethink trust models for extension marketplaces. Not just for crypto devs, but for any industry sensitive to code integrity.
Context : Cursor, despite raising $900M, is a vscode fork that uses the open-vsx extension registry. It is maintained by european volunteers at a non-profit, and does not have the resources to check for supply-chain attacks like this.
Freeloading on (and blaming) volunteer infrastructure is irresponsible, especially when you have so much funding.
I'm always anxious when I download npm packages or when I pip Python packages...tbh it's a gamble because there are so many supply chain attacks and/or malicious developers.
Thats why I always develop on a per customer mini VM via VSCode ssh remoting or similar, and projects are usually runned via docker-compose or devcontainers.
There's actually a new setting in vscode (from Dec 24) to configure a whitelist for extensions that are allowed to be installed on a user's machine [0]. It's not foolproof, but it probably helps to prevent common supply chain attacks. I wonder if this could be used in cursor too.
Downloading random code from internet is just normal development on Mac. Brew, npm and other sorts of "package managers".
I have code, passwords and certificates separated in virtual machines, even IDE GUI app is virtualized, and has no rights to access GitHub, internet or filesystem directly.
But I get a lot of flack from coworkers. They say it is unintuitive and uses x86 CPU which is uncool. Mac has no reasonable VM software or secure containers!
Somewhat humorously, my company displayed an IT warning telling me that I can't visit the website in question because it's in Russia. I probably set off some kind of alarm somewhere.
I do use Cursor at work and I have various extensions installed.
35 comments
[ 1.4 ms ] story [ 52.8 ms ] threadI do have a fair number of Neovim plugins on my host machine, and a number of Arch packages that I probably could do without.
I’ve considered keeping my host’s Neovim vanilla, but telescope is hard to live without.
https://x.com/code/status/1943720372307665033?s=46
it wasn't even a cursor specific extension it was a vscode one. completely misleading
I naively assumed the extensions were 'sandboxed' to some degree.
1. Be aware of remote code downloading and execution. VSC extensions are remote code. Try to find out if you trust the source. I trust Debian repos, I certainly do not trust the VSC marketplace.
2. Know the policies around sandboxing. VSC is not a browser, and does no sandboxing at all.
3. Containerize or virtualize the application. If you're on Linux, always use Flatpak. Deny all filesystem permissions except for your root source code directory. This goes for browsers, too. Ideally they should support xdg-download and then have zero file permissions at all - otherwise, only grant ~/Downloads. Don't want a zero-day stealing your files.
4. Keep sensitive data in a separate, encrypted place. On Linux, you can use KDE vaults.
In a perfect world, we wouldn't be downloading and running remote code at all. But for practically, this is untenable. I have JS enabled in my browser. Our best bet is limiting the blast radius when things go south.
Uses Cursor. Downloads random extensions.
Ranking manipulation, using recency and inflated download counts, to outrank the legitimate Solidity package is a clever exploit of how developers search. It makes me wonder: should IDEs start validating package authorship or offer signed extensions as a default?
Also, the fact that this happened on a freshly imaged system with no antivirus suggests we need to rethink trust models for extension marketplaces. Not just for crypto devs, but for any industry sensitive to code integrity.
Freeloading on (and blaming) volunteer infrastructure is irresponsible, especially when you have so much funding.
Thanks to Cursor you can no longer directly download extensions from vs code marketplace.
[0] https://code.visualstudio.com/docs/setup/enterprise#_configu...
Yet, the extension dilemma is also utterly shit. That's why I stay far away from "VSCode and friends"
I have code, passwords and certificates separated in virtual machines, even IDE GUI app is virtualized, and has no rights to access GitHub, internet or filesystem directly.
But I get a lot of flack from coworkers. They say it is unintuitive and uses x86 CPU which is uncool. Mac has no reasonable VM software or secure containers!
I do use Cursor at work and I have various extensions installed.