alt Hacker NewsYou should definitely show the vulnerabilities you found on the front page, instead of showcasing low scores given to popular extensions. Claiming that "rust-analyzer" is "High Risk" is a strong turn-off from me thinking your service is useful (why? because it contains shell commands in the form of "taskDefinitions", and because it uses a dependency to parse ANSI sequences that hasn't received a commit in the past 90 days).
Thanks for the feedback. I am constantly trying to refine the scoring metrics to make sure that these popular extensions that often need high permissions aren't flagged as a lower score than they should receive. It is a bit difficult though as higher permissions do indicate a higher potential for abuse so its a balancing act. As for showcasing the vulnerabilities that's a good idea I'll definitely implement.