PlatformIO IDE extension has been removed with over 4,500,000 unique installs #1114
These extensions and a few others were removed from the Visual Studio Marketplace as versions were flagged as malicious. We will be working with owners to bring them back. |
Please restore our extension and keep all history with versions and stats. We WILL NOT upload a new version until you revert back our extension. See https://embedded-development-in-vscode.github.io/overview/
Please provide any arguments that the PlatformIO IDE extension had any "malicious" issues. That was an internal fault by Microsoft engineers who wrote the "wrong" auto-remove script that deleted all popular extensions. Please restore our extension and keep all our reviews and downloads. |
Several versions of the extensions contained a package that is known bitcoin mining malware. Unfortunately, we can't restore extensions. That was a miss on our part. And I do apologize for the inconvenience! If you can please work with us and upload a new version, we can restore stats, like install counts. |
Microsoft and PlatformIDE users ask to bring the extension back! That's abusive to remove it like that! |
Will you be able to restore all the information, including reviews? One day, a new engineer decided to delete everything we had been working on since 2016. How is that possible without any backup? Without any notice? Please check this page https://embedded-development-in-vscode.github.io/overview/ |
This is unacceptable. We rely on the VS Code Marketplace as enterprise-grade infrastructure. The admins of our VSMarketplace project received no notification about our extension being unpublished. If an extension is flagged as malicious, this does not justify a sudden and irreversible deletion of it. The extension should be made private and the owners should be contacted via email. Restoring our extension (Zowe Explorer) will be a tedious process as we have many old versions that are important to keep around, as some of our customers need to stay pinned to an older version. |
@mariaghiondea, do you have any updates? Based on the public stats (https://embedded-development-in-vscode.github.io/overview/), PlatformIO IDE is receiving over 3,000 new installs per day. This issue is affecting many users, and they have started raising concerns on various social platforms, including Twitter and Reddit. As @t1m0thyj pointed out, it seems unreasonable for Microsoft to remove such a popular extension without marking it as "hidden", "private" or "requiring attention". Our history and reputation are the top reasons why companies choose PlatformIO for their product development. Please help 🙏 |
Hey @mariaghiondea, How will you be reaching out to the various affected owners? Shall we open individual issues? Or will emails to the FWIW, you should've received an email earlier this morning about the |
What package is that? |
We are working on a solution to restore the extensions. I will update this thread as we make progress. |
flatmap-stream npm package |
We are reaching out to all owners. We are working on a solution to restore packages and stats. |
Agreed. We are making process improvements, to prevent this. |
@mariaghiondea There must be other packages that were also flagged. The Edit: Seems that it used to be - in an old version from 2018: https://code.visualstudio.com/blogs/2018/11/26/event-stream |
PlatformIO IDE extension was reuploaded successfully: Extension: PlatformIO IDE - Visual Studio Marketplace. We will be updating stats shortly. |
@mariaghiondea The version for Linux 64 bit does not seem to be available. Will it be available soon? |
@mariaghiondea, thanks for the updates! Will it help if we re-submit the latest version with the host-dependent extensions (Windows, Linux, Mac)? |
I see it listed now, but getting this message
|
I see it also in codespaces but we get the error For another project we did the build the VSIX Package workaround but this is becoming an issue to spend a lot of time on the tool |
ok but i only see win64 supported. im kinda expecting a list. like: took me way too long to figure out it wasnt me or my machine for once. would like to see the actual stuff back before worrying about metrics/stats |
@ivankravets That will help immensely. Thank you so much for the help. And apologies for the inconvenience this has caused! |
Likewise, no longer available for Mac Silicon. Frustrating. |
First of all, I would like to express how sorry I am for this incident. Today, I installed a new operating system and, as my first task, I tried to install PlatformIO, only to encounter this unfortunate news. We are eagerly waiting for the Linux amd64 support. |
Hi @mariaghiondea, We have thoroughly reviewed all nested NPM dependencies in the PlatformIO IDE extension. The extension does not depend on
If this issue is related to an older version from 2017-2018 due to the SemVer specification - where packages can rely on others via Could you clarify the real reason behind deleting the PlatformIO IDE extension? Who made this decision? We believe transparency is essential to prevent similar incidents from happening in the future. For now, we have published a new "technical" version (3.3.4), which includes packages for all platforms. We are also waiting for the reviews to restore the extension. Thanks 🙏 |
I've been posting this across our different threads, so I wanted to share it here too: For a bit of context, my team (the Visual Studio Marketplace team) is doing a focused effort on security and looking for ways to become more proactive in the space, as well as react to existing threats. As part of that, we were scanning all extensions and discovered that 45 of them had older versions that needed to be removed. They were flagged as malicious because they contained the flatmap-stream npm package that is known bitcoin mining malware. Due to miscommunication, this resulted in the removal of several extensions where only the older versions were flagged, and only those should have been removed. This affected your extension. We realized it a few hours after and started taking action. This included communication to all package owners affected and trying to recover the extensions. This caused a lot of disruption for the community, and for the team. We are currently doing an RCA. We are already implementing some of the repair items, to:
Please let me know your feedback. We'd love to use it in our RCA! |
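A per-version check of the kind the comments above discuss, written as an added example (not part of this thread, and not Microsoft's scanner or PlatformIO's audit): it looks for the `flatmap-stream` package named in the thread inside parsed `package-lock.json` data and reports only the extension versions that contain it. The function names, the sample lockfiles and their version numbers are constructed for illustration.

```javascript
// Added example. Package name comes from the thread; everything else is assumed.
const FLAGGED = new Set(["flatmap-stream"]);

// Return [{name, version, path}] for each flagged package in one parsed lockfile.
function findFlagged(lock, flagged = FLAGGED) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by "node_modules/..." install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      const idx = path.lastIndexOf("node_modules/");
      if (idx === -1) continue; // "" is the root project itself
      const name = path.slice(idx + "node_modules/".length);
      if (flagged.has(name)) hits.push({ name, version: meta.version, path });
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = [...trail, name].join(" > ");
      if (flagged.has(name)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, [...trail, name]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Given {extensionVersion: parsedLockfile}, keep only the versions with hits,
// so that action can target those versions rather than the whole extension.
function flaggedVersions(lockByVersion) {
  const out = {};
  for (const [ver, lock] of Object.entries(lockByVersion)) {
    const hits = findFlagged(lock);
    if (hits.length > 0) out[ver] = hits;
  }
  return out;
}

// Constructed sample: an old release with the package nested, a newer clean one.
const SAMPLE = {
  "0.9.0": { lockfileVersion: 1, dependencies: {
    "event-stream": { version: "1.0.0", dependencies: {
      "flatmap-stream": { version: "1.0.0" } } } } },
  "2.0.0": { lockfileVersion: 3, packages: {
    "": { name: "sample-extension", version: "2.0.0" },
    "node_modules/event-stream": { version: "2.0.0" } } },
};

console.log(JSON.stringify(flaggedVersions(SAMPLE), null, 2));
```

The lockfile has to be read from each published version's own VSIX, since a name match in one old release says nothing about the current one.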
While we all make mistakes and I think all of us have some big one behind us, this statement combined with the "we'll just delete it" is scary. No enterprise level IT should function this way. You make it sound like the SECOPS that removed the accounting general ledger module with no backups, because you found something you didn't like. I support a proactive approach but the implemented approach lacked accountability and enterprise concepts. The fact that it's not just this popular extension that's hit makes this really sad. Going forward I hope the group at MS will change policies on how to interact with 3rd party extensions. At the very very least have a system that doesn't remove content or make it unrestorable. That final removal action seems to scream "need approval, need thought". Please ensure backups exist and a method for your team to mark extensions as being available or not, so you can take immediate action without having to remove content. |
Did you delete a 10-year project without notice because you didn't like it? Great! What a crisis-management! |
@mariaghiondea, do you have any updates on restoring the extension reviews? The PlatformIO IDE extension is important even for Microsoft itself. See Microsoft leverages PlatformIO for its course "IoT for Beginners". We have many friends at Microsoft - should we attract them to solve your team's mistakes quickly? |
We are in the process of restoring stats. At this time install counts and rating counts are restored. We are looking into reviews next. |
@mariaghiondea, how is your progress? Do you have a backup of the reviews? |
@mariaghiondea, 3 weeks... Any updates? |
Apologies for the delay. I didn't have any meaningful updates to share yet. Our first attempt to retrieve the rest of the metadata wasn't successful (through a regular process that we have). We finished an RCA. This uncovered a few areas of improvement. We implemented/are in the process of implementing the repair items. Among those is the ability to restore data quickly and easily, as well as soft deletes to prevent these altogether, and more awareness to the community before we take action. These will help with this case and prevention and recovery in the future too. |
Do you mean you don’t have permission to the backup of Marketplace-related data? Or do you have the backup but can’t apply the changes to the master database? How can we help? We can make this issue public to attract more attention. The problem is that people who deleted our extension might have been fired. |
I realize that it's been a while since this happened. We are trying to be careful, but this is still a priority for us, we have the data and a plan to recover it. |