Spam Extensions in VS Code Marketplace

[mh-firouzjah]

Summary

The Visual Studio Code Marketplace is increasingly flooded with spam extensions, particularly themes and forks of legitimate extensions. These spam extensions:

• Often copy or slightly modify legitimate extensions with misleading names.
• Provide no real value or functionality.
• Potentially contain malware or malicious code.

This behavior disrupts the user experience, makes it difficult to discover high-quality extensions, and poses security risks.

---

Steps to Reproduce

1. Open the Visual Studio Code Extensions Marketplace.
2. Search for terms like theme or popular extension names.
3. Notice multiple similar extensions with:
   • Nearly identical descriptions or code.
   • Minor cosmetic changes that don't justify a new extension.
   • Suspicious or unverifiable publishers.

---

Expected Behavior

• Extensions in the Marketplace should adhere to strict guidelines for originality, security, and functionality.
• Developers who spam or misuse the platform should be flagged, filtered, or banned.
• Users should have tools to filter or block low-quality or suspicious publishers.

---

Observed Behavior

• Users are overwhelmed with irrelevant, low-quality, and spam extensions.
• The "Related Extensions" section frequently displays these duplicates, further promoting them.
• There is no clear mechanism to:
  • Flag spam effectively.
  • Block or filter publishers locally.
  • Ensure high-quality extensions are prioritized.

---

Proposed Solutions

1. Stricter Moderation:

   • Enforce manual or automated reviews for extensions submitted by unverified publishers.
   • Penalize accounts for duplicate submissions.

2. User Reporting:

   • Provide more robust tools for users to report spam or inappropriate extensions directly in VS Code.
   • Allow users to block specific publishers or filter them out from searches.

3. Discovery Improvements:

   • Use machine learning to identify and downrank duplicate or spam extensions.
   • Offer a "Verified Extensions Only" filter in the Marketplace.

4. Publisher Verification:

   • Require more rigorous verification for new publishers.
   • Display unverified extensions with a warning label or hide them by default.

---

Impact

• The current state undermines the credibility of the Marketplace.
• Users spend unnecessary time filtering through irrelevant or harmful extensions.
• Security risks increase due to potential malicious extensions.

---

Attachments: Screenshots or Examples of Spam Extensions

Below is an example of what I am referring to as "spam extensions." In the attached screenshot, you can observe developers such as dooez, siriscmv, Alex Dauenhauer, Lakshit Somani, and several others who appear to be repeatedly forking existing extensions, particularly theme extensions, without introducing any meaningful improvements or value.

These spam extensions clutter the Marketplace, reduce the discoverability of quality content, and frustrate users.

I strongly urge the team to implement at least one of the following:

• A filtering system in the extensions search box that allows users to exclude publishers or flag them as irrelevant.
• Stronger moderation policies to discourage and penalize such repetitive, low-value submissions.

[Neelima10735584]

Thank you for contacting the VS Marketplace Support Team. We will review it and follow up to determine the best way to address it.

VS Marketplace Team