... to establish footholds within developer environments through trusted tooling channels. The operation follows a documented supply-chain pattern: infiltrate upstream package sources rather than end targets directly. Corrupted extensions distributed through legitimate registries bypass standard perimeter controls, as developer workstations typically treat registry-sourced packages as implicitly verified.