PANews reported on April 21 that according to a post forwarded by SlowMist Technology Chief Information Security Officer 23pds from X platform user @mrdotparasyte, a suspicious VSCode plug-in named JuanFranBlanco.solidit-vscode was discovered. The download volume of this plug-in is suspected to be obtained through improper means, the plug-in information is also suspicious, and the "solidit" in the plug-in identifier is obviously a typo. This plug-in has been in existence for two or three days, and it is not clear how many developers have accidentally been "hit". At present, supply chain attacks against developers are becoming more and more rampant, especially VSCode plug-ins and npm packages that have not been officially reviewed, which have become the hardest hit areas for such attacks. Hereby remind all developers to be vigilant and carefully identify when installing third-party plug-ins or packages.