Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
Eclipse Open VSX has reached 1.0.0, highlighting its role as a vendor-neutral registry for VS Code-compatible extensions.