https://www.infoq.com InfoQ Visual Studio Code News feed https://www.infoq.com/news/2026/06/vscode-extension-update-delay/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Visual+Studio+Code-news <img src="https://www.infoq.com/styles/static/images/logo/logo_bigger.jpg"/><p>VS Code 1.123 adds a two-hour delay before auto-updating extensions to newly published versions, creating a revocation window against supply chain attacks. The delay does not apply to trusted publishers like Microsoft, GitHub, and OpenAI. Similar cooldown mechanisms have now spread across pip, RubyGems, npm, pnpm, Yarn, and Bun.</p> <i>By Steef-Jan Wiggers</i> Visual Studio Code Application Security Software Supply Chain Development Architecture & Design DevOps news Thu, 18 Jun 2026 10:15:00 GMT https://www.infoq.com/news/2026/06/vscode-extension-update-delay/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=Visual+Studio+Code-news Steef-Jan Wiggers 2026-06-18T10:15:00Z /news/2026/06/vscode-extension-update-delay/en