VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

VS Code Introduces 2‑Hour Delay for Automatic Extension Updates — Supply Chain Protection

VS Code вводит 2-часовую задержку автоматических обновлений расширений — защита цепочки поставок

Colleagues, a cybersecurity update: VS Code is introducing a two‑hour delay to automatic extension updates.

Briefly:
- Microsoft: with auto‑updates enabled, new versions will install two hours after publication.
- The delay does not apply to trusted publishers (Microsoft, GitHub, OpenAI).
- Extensions can still be updated manually; details will show the reason and scheduled auto‑update time.
- Package managers (npm, pnpm, Bundler, etc.) are adopting similar measures.

Why this matters: it reduces the window for distributing compromised releases and supply‑chain attacks.

How will you adapt to these measures in your development process?

#cybersecurity #supplychain #VSCode #DevSecOps

Latest comments

No comments yet.