Supply Chain | Jun 17, 2026

Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions

Socket Firewall now blocks malicious VS Code and Open VSX extensions at install time.

Summary

Socket has updated its Firewall to block malicious VS Code and Open VSX extensions before they can be installed on developer machines. This follows a GitHub incident in May 2026 where a compromised VS Code extension led to the exfiltration of thousands of internal repositories. The new feature aims to prevent such attacks by filtering extension downloads and marketplace requests, addressing a critical gap where traditional inventory tools only detect threats after they've already run.

Indicators of Compromise

  • malware — Nx Console 18.95.0

Entities

  • Socket Firewall (product)
  • VS Code (product)
  • Open VSX (product)
  • GitHub (vendor)
  • Nx Console 18.95.0 (product)