VS Code Introduces 2‑Hour Delay for Automatic Extension Updates — Supply Chain Protection

Colleagues, a cybersecurity update: VS Code is introducing a two‑hour delay to automatic extension updates.
Briefly:
- According to Microsoft, with auto‑updates enabled, new versions will be installed two hours after publication.
- The delay does not apply to trusted publishers (Microsoft, GitHub, OpenAI).
- Extensions can still be updated manually; details will show the reason and scheduled auto‑update time.
- Package managers (npm, pnpm, Bundler, etc.) are adopting similar measures.
Why this matters: it reduces the window in which compromised releases can be distributed, limiting supply‑chain attacks.
How will you adapt to these measures in your development process?
#cybersecurity #supplychain #VSCode #DevSecOps

