Open VSX

Open VSX
Original authorTypeFox
DeveloperEclipse Foundation
Initial release2019
LicenseEclipse Public License 2.0
Websitehttps://open-vsx.org
Repositorygithub.com/eclipse-openvsx/openvsx

Open VSX is an open-source registry for extensions compatible with the Visual Studio Code extension API. The project is hosted by the Eclipse Foundation and provides a vendor-neutral alternative to Microsoft's Visual Studio Marketplace, whose licensing terms restrict usage to Microsoft products.[1][2] The public registry allows extensions to be published and consumed by development environments implementing the VS Code extension model.

The project originated at the German software company TypeFox and was contributed to the Eclipse Foundation in 2020. By the mid-2020s, the registry hosted more than 10,000 extensions and served hundreds of millions of extension downloads per month.[3][4]

History

Open VSX was created in 2019 by TypeFox to support the Eclipse Theia development platform.[5] The registry was developed as an alternative to Microsoft's Visual Studio Marketplace which restricts use of its extensions to Microsoft-branded tools.[1]

In 2020, TypeFox contributed the project to the Eclipse Foundation, where it became part of the foundation's ecosystem of open-source developer tools.[5] The public registry hosted by the Eclipse Foundation was subsequently launched at open-vsx.org.[1]

Governance

Open VSX is governed by the Open VSX Working Group at the Eclipse Foundation. The working group was established in 2023 to support vendor-neutral governance and long-term sustainability of the registry.[1]

Founding members include Google, Salesforce, Amazon Europe, Huawei, Posit Software and Siemens.[6]

Usage

Open VSX provides infrastructure for publishing and distributing extensions compatible with the Visual Studio Code extension API. It is used by development environments that implement the VS Code extension model, including open-source platforms such as Eclipse Theia.

Industry reporting has described the registry as part of a broader ecosystem shift toward vendor-neutral tooling for software development platforms.[2]

By 2026, the registry handled more than 50 million requests per day and hosted over 10,000 extensions from thousands of publishers.[7]

Security

In 2025, a vulnerability affecting the Open VSX registry exposed repositories to potential takeover attacks, prompting security updates by project maintainers.[8]

In 2026, researchers identified malicious extensions distributed through the registry as part of a software supply chain attack campaign, highlighting the risks associated with extension ecosystems.[9]

Architecture

The Open VSX registry includes a backend service, a web interface for browsing extensions, and a command-line interface for publishing and managing extensions. The software is released under the Eclipse Public License 2.0 and can be deployed as a self-hosted registry.[10]

See also

References

  1. ^ a b c d Anderson, Tim (2023-06-27). "Open VSX alternative to VS Code Marketplace saved from closure by new Eclipse working group". devclass. Retrieved 2026-03-30.
  2. ^ a b "AWS backs Open VSX as Rust survey shows VS Code decline". Archived from the original on 2026-03-23. Retrieved 2026-03-30.
  3. ^ "Open VSX Hits 300 Million Monthly Downloads, and the Quiet Infrastructure Behind AI Coding Tools Gets a Stress Test -". ADTmag. Retrieved 2026-03-30.
  4. ^ Vizard, Mike (2026-03-03). "Eclipse Foundation Extends Scope and Reach of Open VSX Registry". DevOps.com. Retrieved 2026-03-30.
  5. ^ a b online, heise (2021-03-31). "Visual Studio Code: TypeFox übergibt alternativen Marktplatz an Eclipse". Developer (in German). Retrieved 2026-03-30.
  6. ^ "Open VSX Registry". open-vsx.org. Retrieved 2026-03-30.
  7. ^ Sawers, Paul (2026-03-04). "Eclipse Foundation reports Open VSX hits 300 million monthly downloads". The New Stack. Retrieved 2026-03-30.
  8. ^ Arghire, Ionut (2025-06-27). "Vulnerability Exposed All Open VSX Repositories to Takeover". SecurityWeek. Retrieved 2026-03-30.
  9. ^ News, The Hacker. "GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers". The Hacker News. Retrieved 2026-03-30. {{cite web}}: |last= has generic name (help)
  10. ^ Beaton, Wayne (2019-12-04). "Eclipse Open VSX | projects.eclipse.org". projects.eclipse.org. Retrieved 2026-03-30.

Content Disclaimer

Informasi ini disarikan dari Wikipedia dan disajikan kembali untuk tujuan edukasi. Konten tersedia di bawah lisensi CC BY-SA 3.0. Kami tidak bertanggung jawab atas ketidakakuratan data yang bersumber dari kontribusi publik tersebut.

  1. The information displayed on this website is sourced in part or in whole from Wikipedia and has been adapted for the purpose of restating it. We strive to provide accurate and relevant information, however:
  2. There is no guarantee of absolute accuracy. Wikipedia is an open, collaborative project that can be edited by anyone, so information is subject to change.
  3. It is not intended to constitute professional advice. The content displayed is for informational and educational purposes only. For important decisions (e.g., medical, legal, or financial), please consult a professional.
  4. Content copyright. Wikipedia is licensed under the Creative Commons Attribution-ShareAlike License (CC BY-SA). This means that content may be reused with appropriate attribution and shared under a similar license.
  5. Responsible use. Any risk arising from the use of information from this website is entirely the responsibility of the user.