Message from the madman
The content in this blog post is intended for informational and entertainment purposes only and should not be construed as legal advice. The views and opinions expressed herein are solely those of the author and do not necessarily reflect the official policies or positions of any affiliated organizations or individuals.
This post discusses events, opinions, and interpretations related to the Material Theme controversy as they were understood at the time of writing. While every effort has been made to ensure the accuracy of the information presented, no guarantee is made regarding its completeness, accuracy, or timeliness. Readers are encouraged to verify the details and consult multiple sources before drawing any conclusions.
The author is not a legal professional. If you have any legal questions or concerns regarding the content of this post or any related issues, please seek the advice of a qualified attorney. By reading this post, you agree that the author shall not be held liable for any errors, omissions, or any actions taken based on the information provided.
From Sublime Beginnings to VS Code Stardom
The Material Theme wasn’t born yesterday. It started life as a theme for Sublime Text (remember Sublime, the hipster editor of the 2010s?) and quickly earned a reputation for its slick, vibrant take on Google’s Material Design aesthetic. Created by Mattia Astorino, known online as equinusocio, the theme was so well-crafted that it attracted over 11,000 stars on GitHub. Developers loved its attention to detail: carefully chosen colors, consistent typography, and even subtle animations gave their code editor a fresh coat of paint. It was, as Astorino himself touted, “the most popular and epic editor theme”. This theme didn’t just stay in one lane; it was ported to multiple editors including VS Code, Atom, and even JetBrains IDEs, ensuring that no developer was left without a taste of Material goodness.
The arrival of Material Theme on Visual Studio Code was like a celebrity guest entering a party—it instantly drew attention. VS Code’s default themes were fine, but Material Theme was fancier. It allowed developers to choose from variants like Ocean, Darker, Lighter, and more, giving their editor a personalized, polished look. By the mid-2010s, installing Material Theme in VS Code had become almost a rite of passage for those who craved style with their code. It wasn’t just about looks either; the theme package included an icon pack (Material Theme Icons) so your file explorer could look as snazzy as your editor. Together, Material Theme – Free and Material Theme Icons – Free amassed nearly 9 million installs. This was a theme that truly materialized in every developer’s toolkit.
Meet Mattia Astorino: The Man Behind the Theme
Mattia Astorino – UI engineer by day, open-source developer by night, and apparently an amateur photographer in his spare time – became something of an accidental celebrity in the VS Code ecosystem. Under the alias equinusocio, he gave us Material Theme and its many shades. His work was so impactful that other themes openly credited him; one Visual Studio marketplace listing for a “Sublime Material Theme” explicitly gave him credit as the original creator. Astorino’s reputation in the community was a mix of admiration for his design chops and a touch of bemusement at his later escapades. He’s the kind of character you’d find in a sitcom about coders – the passionate theme artist who suddenly takes a dramatic turn in the plot.
For years, Astorino maintained Material Theme as an open-source project under the Apache 2.0 license, which encouraged community contributions. However, the plot thickened when he decided to commercialize the theme. In a move that left some users spitting out their coffee, Mattia closed the source of Material Theme and introduced a paid “premium” version, re-licensing the project under his own custom (some say draconian) license. He even threatened to sue anyone who copied the theme’s colors or name! This earned him a bit of a villainous aura in parts of the open-source community, with one prominent developer going so far as to label him “dangerous” for the ecosystem. It was a bold heel turn – imagine your favorite open-source maintainer suddenly twirling a mustache and monologuing about world domination. Okay, it wasn’t quite that dramatic, but you get the idea. The once beloved theme maker now had a more controversial reputation, and some community members started watching his moves with a skeptical eye.
When a Theme Goes Dark: Microsoft’s Ban and Malicious Code Allegations
On an otherwise normal day in late February 2025, millions of VS Code users were greeted with a not-so-friendly notification from their editor: “We have uninstalled ‘equinusocio.vsc-material-theme’ which was reported to be problematic.” Same for the icon pack extension. It was as if VS Code itself had decided to stage an intervention. The sudden removal of Material Theme – automatically, by Microsoft – left developers simultaneously confused and impressed (who knew VS Code could yank an extension out like that?). Soon after, the Visual Studio Marketplace listing for these extensions vanished. Microsoft had dropped the ban hammer.
So, what triggered this dramatic excommunication? According to Microsoft and external security researchers, Material Theme’s latest update contained malicious code. This wasn’t a run-of-the-mill bug or a dodgy color scheme. We’re talking about actual sneaky, suspicious code hiding in the extension. Specifically, an investigation by cybersecurity experts Amit Assaraf and Itay Kruk (who apparently spend their days catching VS Code extensions behaving badly) found that the theme extension contained heavily obfuscated JavaScript in a file named release-notes.js. For a VS Code theme, that’s weird – themes are usually just static JSON files painting your editor in different hues, not running complex scripts. The obfuscated file, once partially de-scrambled, showed references to things like “username” and “password” – red flags so bright they could guide Santa’s sleigh. Immediately, everyone’s question was: Was Material Theme stealing my passwords while making my VS Code look pretty?
The evidence pointed to a serious supply-chain attack scenario. The researchers suspected that either someone compromised a dependency that Material Theme used, or maybe even hijacked Astorino’s publisher account to slip in the nasty code. In fact, it turned out Material Theme relied on an old dependency, an npm package from Sanity.io used for fetching release notes (because who doesn’t love a live changelog?). That dependency hadn’t been updated since 2016 and had quietly become, well, insane. Microsoft’s team confirmed multiple “red flags” in the extension code indicating malicious intent. They wasted no time: on Feb 25, 2025, Microsoft removed both “Material Theme – Free” and “Material Theme Icons – Free” from the marketplace, banned Astorino’s account, and even triggered automatic uninstalls for any user who had them installed. Talk about going nuclear!
Microsoft was quick to clarify (perhaps to preempt any conspiracy theories) that this wasn’t about licensing drama or trademark tussles – it was purely a security issue. For a company that often gets flak for slow responses, this time they moved at breakneck speed to protect users. But in doing so, they also accidentally kicked off a cascade of VS Code notifications that confused thousands: imagine opening your editor to find your beloved theme gone and a cryptic “reported to be problematic” message instead. Many developers had their productivity interrupted by this forced ban, ironically by a theme that was supposed to improve their workflow, not break it.
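The observation above, that a theme is normally static JSON and has no reason to ship scripts, can be turned into a local check on installed extensions. This is an added example, not code from this post, from Microsoft or from the researchers; it only judges extensions whose manifest contributes nothing but theme data, and the obfuscation heuristic (the `_0x` identifier pattern and the 2000-character line threshold) and the sample data are assumptions constructed for illustration.

```javascript
// Added example: audit an extension that presents itself as a theme.
const fs = require('fs');
const path = require('path');

// Contribution points that are pure data and need no code to work.
const DATA_ONLY = new Set(['themes', 'iconThemes', 'productIconThemes']);

// Assumed heuristic: one huge line or several _0x-style identifiers.
function looksObfuscated(source) {
  const longest = source.split('\n').reduce((m, l) => Math.max(m, l.length), 0);
  const hexNames = (source.match(/\b_0x[0-9a-f]{3,}\b/gi) || []).length;
  return longest > 2000 || hexNames >= 5;
}

// manifest: parsed package.json; files: { relativePath: sourceText } of .js files.
function auditExtension(manifest, files) {
  const points = Object.keys(manifest.contributes || {});
  const themeOnly = points.length > 0 && points.every((p) => DATA_ONLY.has(p));
  if (!themeOnly) return []; // only extensions that claim to be pure themes
  const findings = [];
  if (manifest.main || manifest.browser) findings.push('theme declares a code entry point');
  for (const [name, source] of Object.entries(files)) {
    if (looksObfuscated(source)) findings.push(`obfuscated script: ${name}`);
  }
  return findings;
}

// Load one installed extension folder, e.g. a child of ~/.vscode/extensions.
function loadExtension(dir) {
  const manifest = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
  const files = {};
  const walk = (d) => {
    for (const e of fs.readdirSync(d, { withFileTypes: true })) {
      const p = path.join(d, e.name);
      if (e.isDirectory()) walk(p);
      else if (e.name.endsWith('.js')) files[path.relative(dir, p)] = fs.readFileSync(p, 'utf8');
    }
  };
  walk(dir);
  return { manifest, files };
}

// Constructed samples, not the contents of the real extension.
const CLEAN = { manifest: { name: 'plain-theme', contributes: { themes: [{ path: './t.json' }] } }, files: {} };
const SUSPECT = {
  manifest: { name: 'fancy-theme', main: './release-notes.js', contributes: { themes: [] } },
  files: { 'release-notes.js': 'var _0x1a2b=["x"];'.repeat(6) },
};
for (const s of [CLEAN, SUSPECT]) console.log(s.manifest.name, auditExtension(s.manifest, s.files));
```

A finding here is a prompt to read the flagged file, not a verdict: legitimately minified bundles also trip the long-line threshold.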
Astorino’s Defense: “It Wasn’t Me (It Was Sanity.io)!”
Mattia Astorino didn’t stay silent for long. Finding all his extensions yanked and his name in headlines, he took to GitHub and social media to explain – in a post equal parts defensive and frustrated – that this was all a big misunderstanding. According to Astorino, the theme never deliberately shipped malware. The culprit was that outdated Sanity.io dependency which “looks compromised”. In his own words: “nothing harmful was ever shipped within Material Theme… We just had an outdated sanity.io dependency used since 2016 to show release notes… now it looks compromised”. He pointed out that dependency had been there for years, passing all checks until now.
What really seemed to grind his gears was Microsoft’s handling of the situation. Astorino lamented that no one from Microsoft reached out to him before dropping the ban hammer. “They just pulled down everything causing issues to millions of users,” he fumed. He claimed he could have fixed the issue in a “quick 30-second fix” by simply removing the bad dependency, had he been given the chance. Instead, his extensions were censored without warning – a move he described as a “really sad day” caused by “stupid and ignorant people” spreading false information (yes, he really said that, and even blamed a certain YouTuber’s exposé video for fanning the flames).
Astorino’s response had a mix of valid points and eyebrow-raising remarks. On one hand, he’s correct that a compromised third-party library can blindside a developer – software supply chain attacks are the boogeyman of modern development, after all. On the other hand, leaving a dependency untouched since 2016 is a bit like leaving milk out of the fridge for a week and then being shocked it turned sour. It didn’t help Astorino’s image that he had recently closed-sourced the theme and obfuscated parts of his code (“for commercial reasons,” he said). Obfuscating code in an extension with millions of installs is like walking into airport security with sunglasses and a trench coat – you’re technically allowed to, but you’re definitely going to raise suspicions. Astorino argued that if you deleted the obfuscated file, the theme still worked fine with just JSON, implying “see, nothing to hide here!”. But by then, trust was eroding fast.
Community Reaction: Forks, Fury, and Funny Business
The VS Code community is no stranger to drama (remember when tabs vs spaces was the biggest debate of our time?), but this incident set off a firestorm. Online forums lit up with posts like “Security PSA: Uninstall Material Theme NOW!” and “What on earth happened to Material Theme?”. On Reddit, users warned each other that the extension was yanked for malware and discussed how to manually excise any remaining bits of it from their systems (some even had to delete the extension folder and JSON entries to stop VS Code’s nagging). Many expressed a mix of shock and disappointment: shock that a trusted theme could go rogue, and disappointment that a part of their daily coding setup was suddenly tainted.
Some community members sided with Astorino, believing that he was a victim of a supply-chain attack and overzealous policing. They argued Microsoft could have given a courtesy heads-up or temporary de-listing rather than a full ban. After all, breaking millions of dev environments (even if just their theme and icons) overnight is not a great way to win hearts. Others, however, were firmly in the “Astorino messed up” camp. Prominent voices in the community did not mince words. Developer and YouTuber Theo (t3dotgg) wrote a scathing blog post titled “Mattia Astorino (equinusocio) Is Dangerous”, accusing him of mismanaging the theme to the point “the result is indistinguishable from malware”. That post recounts how Astorino “went insane” by begging for money and launching a paid version, even threatening legal action against anyone who forked or mimicked the theme. In Theo’s view, the malicious code finding was just the cherry on top of a cake of poor decisions. He even revealed he’d been maintaining a fork of Material Theme ever since Astorino started those license shenanigans, anticipating trouble.
In true open-source spirit, as soon as Material Theme was taken down, developers began working on community-driven alternatives. Within a day, there were discussions about forking the last known safe version of the theme. One cheekily-named fork by t3dotgg was dubbed “vsc-material-but-i-wont-sue-you” – a playful jab at the drama over Astorino’s past legal threats. This fork aimed to strip out any suspicious code and re-publish the theme so people could get their favorite colors back without fear of malware or lawsuits (what a combo!). Sure enough, several developers and even the DEV community blog encouraged users to switch to these forked, cleaned versions if they still craved that Material look.
The incident also sparked discussions about marketplace security vs developer relations. Some argued Microsoft did the right thing – when millions of users are at risk, you act first and ask questions later. Others felt bad for Astorino as an individual, suggesting that nuking his account without a chance to respond was heavy-handed. (To be fair, from Microsoft’s perspective, if they truly believed the extension could be stealing data, waiting around could have been far worse.) The whole episode became a case study in what can go wrong in a world of interconnected software. As one commentator wryly observed, we now have to worry about our color themes exfiltrating data – what a time to be a developer!
Aftermath and Lessons Learned
In the weeks since, the dust has begun to settle. Microsoft has promised to publish more details about exactly what the malicious code was up to (the world is genuinely curious if a theme was trying to moonlight as a keylogger or something). Astorino, having cut ties with Microsoft (“our account has been blocked/banned… we don’t know if we want to interact with [Microsoft] anymore” he wrote in frustration), reportedly released a new “completely rewritten” theme extension with no dependencies – cheekily named “Fanny Theme” – which was also promptly removed from the marketplace by Microsoft. It seems there’s no quick redemption on that platform for now. Meanwhile, community-maintained Material theme forks and alternative themes like One Dark Pro or GitHub Theme have seen upticks in downloads as developers seek safe harbors for their IDE customization needs.
For developers, this saga has been a rollercoaster and a valuable reminder. First, it highlights the importance of vigilant maintenance of dependencies – even something as innocuous as a theme can become a security hole if a third-party library goes bad and no one notices. Second, it underscores why we can’t have nice (open-source) things without a bit of drama. The open-source community is built on trust and collaboration, and when a high-profile maintainer takes actions perceived as hostile (be it threatening lawsuits or neglecting security), the community will respond – sometimes with pitchforks, sometimes with empathy, often with forks (the code kind, not the pitchfork kind). Lastly, it’s a story about the delicate balance for platform owners like Microsoft: they must protect users, but the way they do so can make or break the goodwill of developers who contribute to their ecosystem.
In the end, the Material Theme controversy will likely be remembered as the time a VS Code theme almost started a civil war of sorts in the developer world. It’s a cautionary tale, but also one with a dash of humor – I mean, who would’ve thought a color theme could cause headlines and heated debates? As one might joke, “Material Theme went on a journey from Material Design to Material Evidence.” Bad puns aside, we’re glad the issue is out in the open. The VS Code editor might look a little less “material” for now, but at least we can code with some peace of mind. And to Mattia Astorino – thanks for the memories and the stylish editor, and best of luck. May your future contributions be bright (just maybe not obfuscated).