openvsx icon indicating copy to clipboard operation
openvsx copied to clipboard
verified publisher icon eclipse

Extensions `zaciam.{cdeclsorter,javamethodsorter}` icon is an unrelated NSFW image

Open goyalyashpal opened this issue 6 months ago • 3 comments

  • images link: https://open-vsx.org/a2cfd830-09e9-496d-9daa-96624f0d08f5 https://open-vsx.org/65bce992-75f1-43de-b7bd-b8068a522d26

    Images previews

    Image

    Image

  • Extensions details:

    Name: C Declaration Sorter
Id: zaciam.cdeclsorter
Description: Sorts declarations in C according to the order of their definitions.
Version: 1.0.4
Publisher: zaciam

    Name: Java Method Sorter
Id: zaciam.javamethodsorter
Description: Sorts methods in Java classes and interfaces according to the order in the parent classes and interfaces.
Version: 1.0.5
Publisher: zaciam

  • found while searching with: "sort" on open-vsx.org

  • link to extensions listings on open-vsx: https://open-vsx.org/extension/zaciam/cdeclsorter https://open-vsx.org/vscode/item?itemName=zaciam.javamethodsorter

  • link to this namespace on open-vsx & elsewhere: https://open-vsx.org/namespace/zaciam/ https://marketplace.visualstudio.com/publishers/zaciam

  • link to upstream: repo (empty): https://github.com/zaciam/cdeclsorter repo (empty): https://github.com/zaciam/javamethodsorter user: https://github.com/zaciam

goyalyashpal avatar Jun 11 '25 14:06 goyalyashpal

  • i wonder how was it even approved.
  • i tried looking up for commit history or schema of this extension's open-vsx metadata (similar to other OSS repos like f-droid, etc.)
  • but couldn't find.

searches:

  • https://github.com/search?q=org%3Aeclipsefdn+zaciam
  • https://github.com/search?q=org%3Aeclipse+zaciam
  • https://github.com/search?q=zaciam

goyalyashpal avatar Jun 11 '25 14:06 goyalyashpal

self hiding as duplicate: assimilated in issue's main description

on trying to provide link to "found while ..." point above: https://open-vsx.org/?search=sort

i found that this user "zaciam" published another extension with similar inappropriate extension:

https://open-vsx.org/extension/zaciam/javamethodsorter

goyalyashpal avatar Jun 11 '25 14:06 goyalyashpal

cc @tfroment

amvanbaren avatar Jun 16 '25 07:06 amvanbaren

Thanks for bringing this to our attention @goyalyashpal. We've escalated the issue to the EMO team to review and advise on appropriate actions. We'll keep you posted as we make progress, cc @amvanbaren

tfroment avatar Jun 23 '25 15:06 tfroment

My apologies for the delay.

@amvanbaren please delete these extensions.

Taking the state of these extensions in their entirety, my sense is that there are shenanigans afoot. Please also revoke the user's publisher agreement.

waynebeaton avatar Jul 15 '25 14:07 waynebeaton