From InfoQ
VS Code 1.123 Adds Two-Hour Extension Update Delay to Limit Supply Chain Attacks


VS Code 1.123 adds a two-hour delay before auto-updating extensions to newly published versions, creating a revocation window against supply chain attacks. The delay does not apply to trusted publishers like Microsoft, GitHub, and OpenAI. Similar cooldown mechanisms have now spread across pip, RubyGems, npm, pnpm, Yarn, and Bun.
By Steef-Jan Wiggers