Contact us
Contact us

News

About

Home Crypto News VS Code delays automatic extension updates by two hours

VS Code delays automatic extension updates by two hours

Author Whitewallet Research
Posted: 8 June 2026, 07:32 CET 2 min read

Microsoft will delay automatic VS Code extension updates by two hours in version 1.123; updates from trusted publishers and manual installs are exempt.

Microsoft will make Visual Studio Code wait two hours before automatically installing newly published extension versions when automatic updates are enabled. The feature is available in VS Code 1.123.

When a publisher releases a new version, the editor will install it automatically two hours after publication. Users who want an update immediately can click the Update button in the extensions view to install the new version at once.

If an extension has a pending update, the extension details page shows the reason the update has not yet been applied and the scheduled time for the automatic update.

The two-hour delay does not apply to extensions from trusted publishers such as Microsoft, GitHub and OpenAI; those extensions continue to update immediately.

“When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an extra layer of protection against problematic or potentially compromised releases,” Microsoft wrote.

The company said the setting gives a short interval during which issues can be detected and addressed before a release reaches many users, while preserving the option for manual updates at any time.

Similar timing controls have been added in other developer ecosystems. RubyGems introduced an opt-in cooldown in Bundler 4.0.13 to delay installation of newly published gems. Bun added minimumReleaseAge in 1.3 and later. npm introduced min-release-age in v11.10.0, pnpm added minimumReleaseAge in 10.16, and Yarn Berry provides npmMinimalAgeGate in 4.10.0 and later.

Registry maintainers and tool authors have said these controls reduce the window in which a newly published malicious package can spread before it is discovered and removed. Over the past year, maintainers reported increased incidents that used package distribution to deliver malware and breach developer systems; those reports prompted registries and tool authors to add timing safeguards.

Developers who depend on immediate patches from the named trusted publishers will not see a delay. Other extension users can either wait the short interval or install updates manually at any time.

Whitewallet Research
Author

Articles by this author

Malware in Pirated PC Games Steals Passwords and Crypto
Malware in Pirated PC Games Steals Passwords and Crypto
jun 8
Armstrong: Energy and Compute, Not Models, Will Cap AI Growth
Armstrong: Energy and Compute, Not Models, Will Cap AI Growth
jun 8
Custodial vs non-custodial wallet
Custodial vs non-custodial wallet
may 30
What is a crypto seed phrase
What is a crypto seed phrase
may 25
Seed phrase vs private key
Seed phrase vs private key
may 21

Latest News

MORE
Adam Back: Bitcoin won’t fire miners; Dashjr readies fork

Adam Back: Bitcoin won’t fire miners; Dashjr readies fork

jun 12 2 min read
Coinbase Lets AI Agents Trade Inside User-Controlled Limits

Coinbase Lets AI Agents Trade Inside User-Controlled Limits

jun 12 2 min read
Hackers Impersonate ChatGPT, Claude and DeepSeek

Hackers Impersonate ChatGPT, Claude and DeepSeek

jun 11 2 min read
Delaware advances bill to ban crypto ATMs after scam surge

Delaware advances bill to ban crypto ATMs after scam surge

jun 11 2 min read
MORE