Koi

Company

Koi is a platform designed for creators and developers to build, manage, and monetize their digital projects. It is aimed at individuals and teams looking to streamline their workflow and enhance their project's visibility. A key use case is providing tools for project management and monetization strategies.

article 2 storys calendar_today First seen: 2026-01-06 update Last seen: 2026-01-06 open_in_new Website menu_book Wikipedia

Resources

Links to check for updates: homepage, feed, or git repo.

home Homepage

code Git repo

Stories

Showing 1-2 of 2

AI VS Code forks can prompt nonexistent Open VSX extensions

AI-powered VS Code forks (Cursor, Windsurf, Google Antigravity, Trae) inherit extension recommendations from Microsoft’s marketplace, but some recommended extension names don’t exist in Open VSX, the registry these forks rely on. This gaps creates a name-squatting avenue where attackers could publish malicious packages under those names; prompts can be file-based or software-based, increasing exposure.

calendar_today 2026-01-06

cursor windsurf open-vsx visual-studio-code supply-chain-security

AI IDE forks exposed by OpenVSX namespace hijack in built-in extension recommendations

Koi found that popular AI IDEs forked from VS Code (Cursor, Windsurf, Google Antigravity, Trae) inherit hardcoded extension recommendations that point to Microsoft’s marketplace, but those extensions don’t always exist on OpenVSX (the registry these IDEs actually use). Unclaimed namespaces on OpenVSX could be registered by attackers to ship malicious lookalike extensions that the IDE proactively recommends based on files or installed software. Koi preemptively claimed several risky namespaces (e.g., PostgreSQL, Azure Pipelines, ARM tools) with placeholder packages to reduce immediate risk.

calendar_today 2026-01-06

cursor windsurf openvsx vscode supply-chain-security