The researchers provided a detailed list of the malicious packages and VSCode extensions with their SHA1 hashes at the bottom of their report, to help identify and mitigate supply chain compromises.