Extensions under Cursor IDE are not up to date with VSCode's Extension Marketplace.

[juddbaguio]

The attached photo above forced me to install the up-to-date rust-analyzer manually (https://www.cursor.com/how-to-install-extension). I hope Cursor can be up to date with the versions real-time.

[RikVoorhaar]

I ran into the same issue, thanks for pointing out how to install it manually. I think the issue is that cursor is now (since v.0.38) based on vscode 1.91.1(Jun 2024), and the most recent version supported for rust-analyzer is from 13 of May. Perhaps it's just the most recent supported version.

[liam-prevelige]

+1. I'm developing an extension and updates lag significantly behind VS Code. I support vscode v1.60.0^, so I imagine it's unrelated to Cursor being built from 1.91.1

[aaronvg]

Same issue here, cursor doesnt offer a way to update it even.

[Danielv123]

I am having the same issue. I am trying to install the factorio modding toolkit (search Factorio) and I only get version 1.1.47, while in vscode I get 2.0.3. The 2.0 update was released a month ago, I see no reason why it shouldn't be available.

[adityabaradwaj]

Same issue here.

[tylersmalley]

I am developing an extension and I can't seem to get it to show up at all. Any help would be greatly appreciated. https://marketplace.visualstudio.com/items?itemName=reviewai.reviewai

[massdo]

same

[xdumaine]

As far as I can tell this is because Cursor is based on a not-latest version of VSCode. (Currently 1.93, latest is 1.96) and so it only lists the latest version of the extension that is supported by the underlying VSCode version.

I.e., ms-python v2022.22.2 requires VSCode v1.94

When I try to manually install the latest version of the extension in cursor, I get this:

Edit: 🤦🏽 I basically repeated what @RikVoorhaar said above.

[MilesCranmer]

There is a known high-severity CVE for the VSCode Python extension:

• https://github.com/advisories/GHSA-36jr-8w83-wr8q
• https://nvd.nist.gov/vuln/detail/CVE-2024-49050

This was patched by v2024.20.0.

However, the current version of Cursor is stuck on an old version of the Python extension - version v2024.13.0 (or earlier) - which appears to have the CVE:

Pinging @truell20 @Sanger2000 @arvid220u in case this helps with visibility. (Love cursor btw.)

This means all Cursor clients that use the Python extension appear to be exposed to a high-severity CVE until this is patched – and might have been since this CVE was published (and immediately patched) on November 12, 2024.

I think this particular issue (which itself should be patched ASAP) demonstrates a broader problem of out-of-date extensions potentially having known CVEs and not getting patches, which results in publicly documented attack vectors that anybody could look up and exploit. If I could make any recommendations, it would be to please prioritise keeping cursor as up-to-date with the VSCode fork as possible.

Edit: tried to post this on the forums for visibility but the discourse bot flagged it for spam, so will have to leave it here for now.

[k90k90k90]

This is serious, one extra reason for me not completely switch onto cursor.

[hexxt-git]

same issue but the /how-to-install-extension link is no longer working

[serozhenka]

any updates here? also faced this issue with multiple extensions I need to update

[Daggron]

We are also facing the same issue, we shipped a bug in one of our extensions and fix is also rolled out but cursor is not showing any latest version available. Its been more than 12 hours since the release

[serozhenka]

@MilesCranmer and anyone else facing this issue

I was able to update official Microsoft extensions by removing them under the extensionMaxVersions key inside product.json under /Applications/Cursor.app/Contents/Resources/app on macOS.

[Nezteb]

As an example, if you search "Elixir" in the extensions tab looking for ElixirLS, it'll show you a link that redirects to a deprecated version of the extension: https://marketplace.cursorapi.com/items?itemName=elixir-lsp.elixir-ls (note the cursorapi.com domain)

But what I really want was: https://marketplace.visualstudio.com/items?itemName=JakeBecker.elixir-ls

As a workaround, I had to clone and compile the extensions I wanted using vsce package and loading the resulting .vsix file into Cursor manually:

• https://github.com/elixir-lsp/vscode-elixir-ls#installation
• https://code.visualstudio.com/api/working-with-extensions/publishing-extension#vsce

I've done this with several extensions so far with no issues, but I acknowledge that this makes it more onerous on users who want to update their extensions regularly. The core issue should be addressed officially.

[mamiu]

Some extensions are missing entirely. E.g. https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-containers

I'm on the latest version of Cursor.

[alex-jitbit]

What's even crazier is that I tried installing a more recent extension version from VSIX, and after restarting Cursor - I'm back to the out-of-date version!

I'm guessing Cursor is doing this to prevent VSCode marketplace license violation or something. Given the recent news about MS banning all VSCode forks from using some official extensions like Python, C#, C++ etc

[Gby56]

Just had to force it and modify the extensionMaxVersions in product.json for the same reason, saving any python file was causing a major freeze, could not add any newlines in the file/edit it. I suspect the Pylance LSP is too old/crashing for some reason.

[nasrulgunawan]

@serozhenka @mamiu I still keep VSCode installed on my machine for now to work around this issue. So, when I need to update an existing extension or install a new one that's not available in Cursor, I do it in VSCode instead, and then import it into Cursor.

[nathan-fiscaletti]

For me, importing the extensions from VSCode did not work.

Instead, I had to:

1. In VSCode, find the extension I wanted.
2. Click the cog icon to drop down a menu and select "Download VSIX".
3. In Cursor, select the "Extensions" tab.
4. Drag the VSIX file into the extensions tab to install it.