INFORMATIONAL
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
Microsoft will apply a two-hour delay before Visual Studio Code automatically updates installed extensions to newer versions. The change gives the security community a window to flag malicious or compromised extension updates before they reach users at scale, directly targeting the supply chain risk of auto-updating IDE extensions. Developers who rely on VS Code extensions don’t need to take any action — the delay applies automatically when auto-update is enabled.