This is maybe a public service announcement, or a question for someone to confirm:
Just like many devs in the world, I too have been exploring the world of agentic coding…
Specifically, I installed Cursor IDE, and noticed the search-result’s Elixir LSP extension’s publisher was not JakeBecker– I could not find any JakeBecker Elixir LSP in Cursor’s marketplace search, what I found was the elixir-lsp publisher.
120k installs, ok, sure… but my security-minded self just wanted to check further.
My investigation resulted in:
- JakeBecker LS page in VS Code Marketplace points to the Elixir-lsp github repo
- This repo’s github actions release workflow lists that it publishes to:
- OpenVSX under the
elixir-lsppublisher - VS Code Marketplace still under
JakeBecker.
- OpenVSX under the
- Cursor switched their extensions marketplace to Open VSX
So, I conclude that I’m seeing a properly published extension from this Elixir-LSP team, and it’s not malware– unless someone else has additional information.
And that I’ll still be on the lookout for the new “Expert” LS.
