{"id":229758,"date":"2026-06-11T03:30:07","date_gmt":"2026-06-11T07:30:07","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/11\/vs-code-adds-2-hour-extension-auto-update-delay-to-limit-supply-chain-attacks\/"},"modified":"2026-06-11T03:30:10","modified_gmt":"2026-06-11T07:30:10","slug":"vs-code-adds-2-hour-extension-auto-update-delay-to-limit-supply-chain-attacks","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/11\/vs-code-adds-2-hour-extension-auto-update-delay-to-limit-supply-chain-attacks\/","title":{"rendered":"VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/vs-code-adds-2-hour-extension-auto.html\">VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/vs-code-adds-2-hour-extension-auto.html\">https:\/\/thehackernews.com\/2026\/06\/vs-code-adds-2-hour-extension-auto.html<\/a><\/p>\n<p>Publish Date: 2026-06-08 02:08:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><strong>Summary:<\/strong><br \/>\nMicrosoft has introduced a two-hour delay for automatic updates of extensions in Visual Studio Code (VS Code) to enhance protection against software supply chain threats. The feature, available in VS Code 1.123, holds automatic updates until two hours after a new extension version is published, providing an additional safety net against potentially compromised or problematic releases. Users can still manually update extensions at any time via the \u201cUpdate\u201d button, and they can see which updates are pending, along with the reasons and expected automatic update times. This safeguard does not apply to extensions from trusted publishers like Microsoft, GitHub, and OpenAI, which update immediately. 
This move follows similar recent changes in RubyGems and package managers like Bun, pnpm, npm, and Yarn, which delay installation of recently released versions to shrink the time window in which a malicious release can spread undetected.<\/p>\n<p><strong>Key Points:<\/strong><\/p>\n<ul>\n<li>Microsoft has introduced a two-hour delay for automatic updates of extensions in Visual Studio Code (VS Code) to protect against supply chain threats.<\/li>\n<li>Extensions from trusted publishers like Microsoft, GitHub, and OpenAI are exempt from this delay and update immediately.<\/li>\n<li>The change follows similar installation controls in RubyGems and package managers to minimize exposure to new malicious releases.<\/li>\n<li>The features aim to reduce the risk of propagating malware by giving developers time to identify and flag potentially harmful releases.<\/li>\n<\/ul>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks https:\/\/thehackernews.com\/2026\/06\/vs-code-adds-2-hour-extension-auto.html Publish 
Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":229759,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjPMxcu3ZcBpbZRC5rw9BlnoZMoXgrA-dRRquG6F6PSZZUc0JNzGHbl6c50yqTxs60QyQ5ut5ZC2qP9Csk_mR1Aqi48DO0wwDbUZ6zei45FNO2UgXaU0pOf8gWk8iAT81Ee1XJGrYyFgjYJqCeGTlnYeq-U8Nh4i5cxskA5n3eWyaQqMQPmyMAAR30bDKf2\/s1700-e365\/ms-delay.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[32],"class_list":["post-229758","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229758"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=229758"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229758\/revisions"}],"predecessor-version":[{"id":229760,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229758\/revisions\/229760"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/229759"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=229758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=229758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.
php\/wp-json\/wp\/v2\/tags?post=229758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}