In case someone stumbles upon this now, Prettier got caught running a crypto miner on users’ computers: https://programming.dev/post/28214590
A set of ten VSCode extensions on Microsoft’s Visual Studio Code Marketplace pose as legitimate development tools
Real one has way more installs?
https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode
Well spotted. https://securityonline.info/malicious-vscode-extensions-caught-mining-crypto-with-xmrig/ This news article has a link to this listing: https://app.extensiontotal.com/report/prettierteam.prettier
Notably, the developer name is different.
So cool. Curious, Why do they need to specify that the project has to be implemented in Rust?
If I had to guess the motivation, it would probably be that:
- Rust is a systems language known for performance and correctness, which makes it a good candidate for their stated goal of having a competitor to encourage performance and correctness within Prettier
- Rust is popular and relatively well-known among open source developers, more so than any comparable language except maybe Go
- Rust is a hip language that probably added some free publicity to their announcement
