Created
March 16, 2026 17:00
-
-
Save AoiYamada/c859ebc5a442e442e6dc85f89c43a476 to your computer and use it in GitHub Desktop.
Check if your vscode extensions are malware
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # VS Code 擴充功能安全檢查工具 | |
| # 動態取得並檢查 VS Code 擴充功能是否在已知的感染清單中 | |
| # data source (Huli 隨意聊): | |
| # https://www.facebook.com/share/p/1L5gHwjaAV/ | |
| # 顏色定義 | |
| RED='\033[0;31m' | |
| GREEN='\033[0;32m' | |
| YELLOW='\033[1;33m' | |
| BLUE='\033[0;34m' | |
| NC='\033[0m' # No Color | |
| # 已知的感染擴充功能清單 | |
| INFECTED_EXTENSIONS=" | |
| aadarkcode.one-dark-material | |
| aligntool.extension-align-professional-tool | |
| angular-studio.ng-angular-extension | |
| awesome-codebase.codebase-dart-pro | |
| awesomeco.wonder-for-vscode-icons | |
| bhbpbarn.vsce-python-indent-extension | |
| blockstoks.easily-gitignore-manage | |
| brategmaqendaalar-studio.pro-prettyxml-formatter | |
| codbroks.compile-runnner-extension | |
| codevunmis.csv-sql-tsv-rainbow | |
| codwayexten.code-way-extension | |
| cosmic-themes.sql-formatter | |
| craz2team.vscode-todo-extension | |
| crotoapp.vscode-xml-extension | |
| cudra-production.vsce-prettier-pro | |
| daeumer-web.es-linter-for-vs-code | |
| dark-code-studio.flutter-extension | |
| densy-little-studio.wonder-for-vscode-icons | |
| dep-labs-studio.dep-proffesinal-extension | |
| dev-studio-sense.php-comp-tools-vscode | |
| devmidu-studio.svg-better-extension | |
| dopbop-studio.vscode-tailwindcss-extension-toolkit | |
| errlenscre.error-lens-finder-ex | |
| exss-studio.yaml-professional-extension | |
| federicanc.dotenv-syntax-highlighting | |
| flutxvs.vscode-kuberntes-extension | |
| gvotcha.claude-code-extension | |
| gvotcha.claude-code-extensions | |
| intellipro.extension-json-intelligence | |
| kharizma.vscode-extension-wakatime | |
| ko-zu-gun-studio.synchronization-settings-vscode | |
| kwitch-studio.auto-run-command-extension | |
| lavender-studio.theme-lavender-dreams | |
| littensy-studio.magical-icons | |
| lyu-wen-studio-web-han.better-formatter-vscode | |
| markvalid.vscode-mdvalidator-extension | |
| mecreation-studio.pyrefly-pro-extension | |
| mswincx.antigravity-cockpit | |
| mswincx.antigravity-cockpit-extension | |
| namopins.prettier-pro-vscode-extension | |
| oigotm.my-command-palette-extension | |
| otoboss.autoimport-extension | |
| ovixcode.vscode-better-comments | |
| pessa07tm.my-js-ts-auto-commands | |
| potstok.dotnet-runtime-extension | |
| pretty-studio-advisor.prettyxml-formatter | |
| prismapp.prisma-vs-code-extension | |
| projmanager.your-project-manager-extension | |
| pubruncode.ccoderunner | |
| pyflowpyr.py-flowpyright-extension | |
| pyscopexte.pyscope-extension | |
| redcapcollective.vscode-quarkus-elite-suite | |
| rubyideext.ruby-ide-extension | |
| runnerpost.runner-your-code | |
| shinypy.shiny-extension-for-vscode | |
| sol-studio.solidity-extension | |
| ssgwysc.volar-vscode | |
| studio-jjalaire-team.professional-quarto-extension | |
| studio-velte-distributor.pro-svelte-extension | |
| sun-shine-studio.shiny-extension-for-vscode | |
| sxatvo.jinja-extension | |
| tamokill12.foundry-pdf-extension | |
| thing-mn.your-flow-extension-for-icons | |
| tima-web-wang.shell-check-utils | |
| tokcodes.import-cost-extension | |
| toowespace.worksets-extension | |
| treedotree.tree-do-todoextension | |
| tucyzirille-studio.angular-pro-tools-extension | |
| turbobase.sql-turbo-tool | |
| twilkbilk.color-highlight-css | |
| vce-brendan-studio-eich.js-debuger-vscode | |
| yamaprolas.revature-labs-extension | |
| " | |
| echo -e "${BLUE}========================================${NC}" | |
| echo -e "${BLUE} VS Code 擴充功能安全檢查工具${NC}" | |
| echo -e "${BLUE}========================================${NC}\n" | |
| # 檢查 code 指令是否可用 | |
| if ! command -v code > /dev/null 2>&1; then | |
| echo -e "${RED}錯誤: 找不到 'code' 指令${NC}" | |
| echo "請確認 VS Code 已安裝並且在系統 PATH 中" | |
| exit 1 | |
| fi | |
| echo -e "${YELLOW}正在取得已安裝的 VS Code 擴充功能...${NC}\n" | |
| # 動態取得所有已安裝的擴充功能 | |
| INSTALLED_EXTENSIONS=$(code --list-extensions 2>/dev/null) | |
| if [ $? -ne 0 ] || [ -z "$INSTALLED_EXTENSIONS" ]; then | |
| echo -e "${RED}錯誤: 無法取得擴充功能清單${NC}" | |
| exit 1 | |
| fi | |
| # 初始化計數器 | |
| TOTAL_COUNT=0 | |
| INFECTED_COUNT=0 | |
| SAFE_COUNT=0 | |
| # 建立暫存檔案 | |
| TEMP_INSTALLED=$(mktemp) | |
| TEMP_INFECTED=$(mktemp) | |
| TEMP_SAFE=$(mktemp) | |
| # 將感染清單寫入暫存檔案 | |
| echo "$INFECTED_EXTENSIONS" | grep -v '^$' > "$TEMP_INFECTED" | |
| # 將已安裝擴充功能寫入暫存檔案 | |
| echo "$INSTALLED_EXTENSIONS" > "$TEMP_INSTALLED" | |
| # 計算總數 | |
| TOTAL_COUNT=$(wc -l < "$TEMP_INSTALLED" | tr -d ' ') | |
| echo -e "${GREEN}找到 $TOTAL_COUNT 個已安裝擴充功能${NC}\n" | |
| echo -e "${YELLOW}正在檢查擴充功能安全性...${NC}\n" | |
| # 清空安全擴充功能暫存檔案 | |
| > "$TEMP_SAFE" | |
| # 逐行檢查每個擴充功能 | |
| while IFS= read -r ext; do | |
| if [ -n "$ext" ]; then | |
| # 檢查是否在感染清單中 | |
| if grep -Fx "$ext" "$TEMP_INFECTED" > /dev/null; then | |
| INFECTED_COUNT=$((INFECTED_COUNT + 1)) | |
| INFECTED_FOUND="$INFECTED_FOUND\n$ext" | |
| else | |
| SAFE_COUNT=$((SAFE_COUNT + 1)) | |
| echo "$ext" >> "$TEMP_SAFE" | |
| fi | |
| fi | |
| done < "$TEMP_INSTALLED" | |
| # 輸出結果 | |
| echo -e "${BLUE}========================================${NC}" | |
| echo -e "${BLUE}檢查結果${NC}" | |
| echo -e "${BLUE}========================================${NC}\n" | |
| if [ $INFECTED_COUNT -eq 0 ]; then | |
| echo -e "${GREEN}✅ 安全!沒有發現感染的擴充功能${NC}" | |
| else | |
| echo -e "${RED}⚠️ 警告:發現 $INFECTED_COUNT 個可能感染的擴充功能${NC}\n" | |
| echo -e "${RED}以下擴充功能可能存在安全風險:${NC}" | |
| echo -e "${RED}----------------------------------------${NC}" | |
| echo -e "$INFECTED_FOUND" | while IFS= read -r ext; do | |
| if [ -n "$ext" ]; then | |
| echo -e "${RED}🔴 $ext${NC}" | |
| fi | |
| done | |
| echo -e "${RED}----------------------------------------${NC}\n" | |
| echo -e "${YELLOW}建議立即解除安裝這些擴充功能:${NC}" | |
| echo -e "$INFECTED_FOUND" | while IFS= read -r ext; do | |
| if [ -n "$ext" ]; then | |
| echo "code --uninstall-extension $ext" | |
| fi | |
| done | |
| echo "" | |
| fi | |
| echo -e "${GREEN}安全擴充功能清單 (${SAFE_COUNT}個):${NC}" | |
| echo -e "${GREEN}----------------------------------------${NC}" | |
| if [ -s "$TEMP_SAFE" ]; then | |
| cat "$TEMP_SAFE" | while IFS= read -r ext; do | |
| echo -e "${GREEN}✅ $ext${NC}" | |
| done | |
| else | |
| echo -e "${GREEN}沒有安全擴充功能${NC}" | |
| fi | |
| echo -e "${GREEN}----------------------------------------${NC}\n" | |
| # 統計摘要 | |
| echo -e "${BLUE}========================================${NC}" | |
| echo -e "${BLUE}統計摘要${NC}" | |
| echo -e "${BLUE}========================================${NC}" | |
| echo -e "總擴充功能數: $TOTAL_COUNT" | |
| echo -e "${GREEN}安全擴充功能: $SAFE_COUNT${NC}" | |
| echo -e "${RED}感染擴充功能: $INFECTED_COUNT${NC}" | |
| # 如果有感染擴充功能,提供額外的建議 | |
| if [ $INFECTED_COUNT -gt 0 ]; then | |
| echo -e "\n${YELLOW}安全建議:${NC}" | |
| echo "1. 立即解除安裝上述感染的擴充功能" | |
| echo "2. 執行以下指令批次解除安裝:" | |
| echo "" | |
| echo " # 解除安裝所有感染的擴充功能" | |
| echo -e "$INFECTED_FOUND" | while IFS= read -r ext; do | |
| if [ -n "$ext" ]; then | |
| echo " code --uninstall-extension $ext" | |
| fi | |
| done | |
| echo "" | |
| echo "3. 考慮掃描系統是否有異常" | |
| echo "4. 定期檢查擴充功能的安全性" | |
| fi | |
| # 清理暫存檔案 | |
| rm -f "$TEMP_INSTALLED" "$TEMP_INFECTED" "$TEMP_SAFE" | |
| echo -e "\n${BLUE}========================================${NC}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment