
A recent investigation by security vendor Wiz has revealed a troubling trend in the Visual Studio Code extension ecosystem: developers are unintentionally exposing sensitive secrets and access tokens in their extensions, leaving them open to exploitation by threat actors. These careless practices affect both the Microsoft VSCode Marketplace and the OpenVSX marketplace.
The Wiz report found more than 550 validated secrets across over 500 extensions from hundreds of publishers. Exposed secrets included API keys for AI platforms like OpenAI, Anthropic, Gemini, xAI, DeepSeek, HuggingFace, and Perplexity, as well as high-risk professional services such as AWS, GitHub, Stripe, Auth0, and Google Cloud Platform. Database credentials for systems like MongoDB, Postgres, and Supabase were also leaked.
The investigation highlighted over 100 valid Azure DevOps Personal Access Tokens within VSCode Marketplace extensions, collectively installed over 85,000 times. OpenVSX extensions showed similar risks, with more than 30 leaked access tokens across 100,000 installs. The primary source of these leaks was the inclusion of hidden files, commonly called dotfiles, such as .env files containing sensitive information. Hardcoded credentials within source code were also prevalent.
Wiz researchers additionally noted a surge in secrets leaking through AI-related configuration files (config.json, mcp.json, .cursorrules), build configurations like package.json, and even documentation files such as README.md. The report emphasizes that both developers and marketplace maintainers need stricter guardrails to prevent sensitive data from being inadvertently published, and urges developers to audit their extensions before release.
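The audit the report urges can be automated before `vsce package`/`vsce publish` runs. The script below is an added example, not Wiz's tooling or any code from the VSCode or OpenVSX projects: it takes the list of files that would land in the `.vsix` (assumed to be gathered by the caller, for instance from the output of `vsce ls` read back from disk) and flags the two leak sources the report names, packaged dotfiles and AI/build configuration files, plus hardcoded credentials matched by heuristic patterns. The token prefixes (`AKIA`, `ghp_`, `sk_live_`, `sk-`) are assumptions drawn from publicly documented formats and are not exhaustive; every sample value in the constructed package is fake.

```javascript
// Pre-publish secret audit for a VS Code extension package (added example, not
// code from the report or the marketplaces). Input: [{ path, content }] for every
// file that would be packaged; output: findings to fix before publishing.

// Heuristic detectors. Prefixes are assumptions from publicly documented token
// formats; they cover common cases and are deliberately not exhaustive.
const SECRET_PATTERNS = [
  { rule: 'aws-access-key-id',  re: /\bAKIA[0-9A-Z]{16}\b/g },
  { rule: 'github-pat',         re: /\bghp_[A-Za-z0-9]{36}\b/g },
  { rule: 'stripe-live-secret', re: /\bsk_live_[A-Za-z0-9]{10,}\b/g },
  { rule: 'openai-style-key',   re: /\bsk-[A-Za-z0-9_-]{20,}\b/g },
  { rule: 'private-key-block',  re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g },
  // KEY=value or "KEY": "value" where the variable name suggests a credential.
  { rule: 'credential-assignment',
    re: /\b[A-Z0-9_]*(?:SECRET|TOKEN|PASSWORD|API_KEY)[A-Z0-9_]*["']?\s*[:=]\s*["']?[^\s"',]{8,}/gi },
];

// Config files the report singles out as frequent carriers of secrets.
const SENSITIVE_FILES = new Set(['.env', 'config.json', 'mcp.json', '.cursorrules']);

const basename = (p) => p.split('/').pop();
// Any dot-prefixed path segment (".env", ".cursorrules", ".vscode/...") counts as a dotfile.
const isDotPath = (p) => p.split('/').some((seg) => seg.startsWith('.'));
// Never echo the full secret into a log; keep a short prefix for triage.
const redact = (s) => (s.length > 10 ? s.slice(0, 6) + '***' : '***');

// Scan one packaged file; returns [{ file, line, rule, sample }].
function scanFile({ path, content }) {
  const findings = [];
  if (isDotPath(path)) {
    findings.push({ file: path, line: 0, rule: 'packaged-dotfile', sample: basename(path) });
  } else if (SENSITIVE_FILES.has(basename(path))) {
    findings.push({ file: path, line: 0, rule: 'sensitive-config-file', sample: basename(path) });
  }
  content.split('\n').forEach((text, i) => {
    for (const { rule, re } of SECRET_PATTERNS) {
      for (const m of text.matchAll(re)) {
        findings.push({ file: path, line: i + 1, rule, sample: redact(m[0]) });
      }
    }
  });
  return findings;
}

// Whole-package verdict: ok only when nothing was flagged.
function auditExtensionFiles(files) {
  const findings = files.flatMap(scanFile);
  return { ok: findings.length === 0, findings };
}

// Files that should not ship at all, as lines to append to .vscodeignore.
function suggestedVscodeignore(findings) {
  const paths = findings
    .filter((f) => f.rule === 'packaged-dotfile' || f.rule === 'sensitive-config-file')
    .map((f) => f.file);
  return [...new Set(paths)].sort();
}

// Constructed sample package. Every value is fake and shaped to match the
// detectors above; AKIAIOSFODNN7EXAMPLE is AWS's own documented example key id.
const SAMPLE_PACKAGE = [
  { path: 'package.json',
    content: '{\n  "name": "demo-ext",\n  "scripts": { "deploy": "publish-tool --token sk_live_EXAMPLE0123456789" }\n}\n' },
  { path: '.env',
    content: 'OPENAI_API_KEY=sk-EXAMPLEkeyEXAMPLEkeyEXAMPLE00\nDB_PASSWORD=hunter2-not-real\n' },
  { path: 'mcp.json',
    content: '{ "servers": { "gh": { "env": { "GITHUB_TOKEN": "ghp_0123456789abcdefghijklmnopqrstuvwxyz" } } } }\n' },
  { path: 'src/extension.js',
    content: "const AWS_KEY = 'AKIAIOSFODNN7EXAMPLE'; // constructed: documented example id\n" },
  { path: 'README.md', content: '# demo-ext\nRun `npm test`.\n' },
];

if (typeof require !== 'undefined' && require.main === module) {
  const report = auditExtensionFiles(SAMPLE_PACKAGE);
  for (const f of report.findings) console.log(`${f.file}:${f.line} ${f.rule} ${f.sample}`);
  if (!report.ok) {
    console.log('\nSuggested .vscodeignore additions:\n' + suggestedVscodeignore(report.findings).join('\n'));
  }
}
```

Run it as a script and it prints one line per finding and a suggested `.vscodeignore` block; in a CI pipeline you would feed it the real file list and fail the publish step when `ok` is false. The design point is that the file-level rules fire even when no pattern matches, because a packaged `.env` or `mcp.json` is a problem regardless of whether the heuristics recognise the token format inside it.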

