whoa, this is seriously fcking alarming for open source devs what's the actual recourse when a "trusted" tool turns out to be malicious?? https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/