Spoiler: the person who posted on hackernews and member of the vscode team is a friend or a direct contact of Theo, probably. They banned us directly, even the extensions that were not using the souspicius old dependency (@sanity).
False positives suck, and it hurts when it happens.
The publisher account for Material Theme and Material Theme Icons (Equinusocio) was mistakenly flagged and has now been restored. In the interest of safety, we moved fast and we messed up. We removed these themes because they fired off multiple malware detection indicators inside Microsoft, and our investigation came to the wrong conclusion. We care deeply about the security of the VS Code ecosystem, and acted quickly to protect our users.
I understand that the “Equinusocio” extensions author’s frustration and intense reaction, and we hear you. It’s bad but sometimes things like this happen. We do our best - we’re humans, and we hope to move on from this We will clarify our policy on obfuscated code and we will update our scanners and investigation process to reduce the likelihood of another event like this. These extensions are safe and have been restored for the VS Code community to enjoy.
LINKS: Material Theme https://marketplace.visualstudio.com/items?itemName=Equinuso… Material Theme Icons https://marketplace.visualstudio.com/items?itemName=Equinuso…
Again, we apologize that the author got caught up in the blast radius and we look forward to their future themes and extensions. We’ve corresponded with him to make these amends and thanked him for his patience.
Scott Hanselman and the Visual Studio Code Marketplace Team - @shanselman
