VS Code 1.123 shipped a new two-hour cooldown on extension auto-updates on June 3. The three publishers the policy exempts from that delay are the ones attackers want most.
For a reader who has not used VS Code, two terms matter here. "Extensions" are third-party plugins that run inside the editor, with the editor's own privileges, and add features or language support. A "supply chain attack" in this context means an attacker who compromises an extension maintainer's publishing account and pushes a malicious update to every developer who has that extension installed and set to auto-update. The cooldown exists to give maintainers and operators a window to notice and pull a bad release before it reaches all of their users.
VS Code's own release notes describe the two-hour wait as an "extra layer of protection" against exactly that scenario. Version 1.123 shipped on June 3, 2026, and the delay is designed to give the VS Code team and extension maintainers a window to detect and pull a compromised release before it rolls out to all users. Users can still trigger a manual update during the delay window, which makes the cooldown a default rather than an enforced control: anything that persuades a user to update by hand skips it.
The structural problem is the carve-out. Extensions published by Microsoft, GitHub, and OpenAI are classified as "trusted publishers" and continue to update instantly, per the official release notes. Those are also the highest-value targets for maintainer-account compromise: an attacker who lands credentials for Microsoft's own extension pipeline, or for OpenAI's, gets the keys to a vast installed base in one shot. The trust list inverts the threat model by exempting the publishers with the largest install bases from the only new check.
Then there is the duration. Other package ecosystems have moved to cooldowns measured in days rather than hours. Pip 26.1, RubyGems, npm, pnpm, Yarn, and Bun have all introduced minimum release age settings, per an InfoQ analysis of the trend. Research cited there found that a seven-day cooldown would have stopped 8 of 10 analyzed supply chain attacks, a comparison that makes VS Code's two-hour window look like a speed bump rather than a barrier.
The community has noticed. The top comment on the Reddit thread discussing the change, at more than 650 upvotes, calls the two-hour window far too short to be useful for any realistic detection and pull workflow. That is the operator's complaint in plain language: a security team that has to detect a malicious extension update, verify it, and get a trusted publisher to pull it cannot realistically finish that loop in 120 minutes.
What this leaves developers and security leads with is a concrete question to take back to their teams. Does the VS Code extension update policy in your environment account for the fact that Microsoft, GitHub, and OpenAI extensions update instantly while everything else waits two hours? And is two hours actually enough time for the detection and pull decision the policy assumes will happen?
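One way to answer the first of those questions for a given workstation is to list the installed extensions and split them by whether their publisher is on the exempt list. The script below is an added example, not code from the release notes or the VS Code project. It parses the `publisher.name@version` lines that the real `code --list-extensions --show-versions` command prints, and it assumes (the release notes name publishers, not Marketplace IDs) that the exempt publishers correspond to the publisher IDs `ms-*` for Microsoft, `github` for GitHub, and `openai` for OpenAI. The sample extension list and its version numbers are constructed so the script runs offline.

```python
"""Audit installed VS Code extensions for the two-hour cooldown exemption.

Parses the `publisher.name@version` lines that `code --list-extensions
--show-versions` prints and splits them into extensions that (under the
assumed publisher mapping below) update instantly and those that wait.
"""
import re
import subprocess
from dataclasses import dataclass
from typing import Dict, List, Optional

# ASSUMPTION: how the three exempt publishers map to Marketplace publisher IDs.
# The release notes name the publishers, not their IDs; Microsoft ships under
# many "ms-*" IDs (ms-python, ms-vscode, ms-azuretools, ...). Matching on the ID
# alone is a heuristic: it does not check the Marketplace verified badge, so a
# look-alike ID such as "ms-pyhton" would be filed as exempt here. Adjust to
# what your own environment actually trusts.
EXEMPT_PUBLISHERS: Dict[str, "re.Pattern[str]"] = {
    "Microsoft": re.compile(r"^ms-[a-z0-9-]+$"),
    "GitHub": re.compile(r"^github$"),
    "OpenAI": re.compile(r"^openai$"),
}

# One line of `code --list-extensions --show-versions`: publisher.name@version
EXTENSION_LINE = re.compile(
    r"^(?P<publisher>[^.@\s]+)\.(?P<name>[^@\s]+)@(?P<version>\S+)$"
)


@dataclass(frozen=True)
class Extension:
    publisher: str
    name: str
    version: str
    exempt_as: Optional[str]  # "Microsoft"/"GitHub"/"OpenAI", or None if the cooldown applies

    @property
    def identifier(self) -> str:
        return f"{self.publisher}.{self.name}"


def classify(line: str) -> Optional[Extension]:
    """Parse one list line; return None for lines that are not extension IDs."""
    m = EXTENSION_LINE.match(line.strip())
    if not m:
        return None
    publisher = m["publisher"].lower()  # publisher IDs are case-insensitive
    exempt_as = next(
        (who for who, pat in EXEMPT_PUBLISHERS.items() if pat.match(publisher)), None
    )
    return Extension(publisher, m["name"], m["version"], exempt_as)


def audit(lines) -> Dict[str, List[Extension]]:
    """Split extension lines into those that bypass the cooldown and those that wait."""
    report: Dict[str, List[Extension]] = {"instant": [], "delayed": []}
    for line in lines:
        ext = classify(line)
        if ext is None:
            continue  # blank lines or CLI chatter
        report["instant" if ext.exempt_as else "delayed"].append(ext)
    return report


def audit_installed() -> Dict[str, List[Extension]]:
    """Run the real `code` CLI (must be on PATH) and audit its output."""
    out = subprocess.run(
        ["code", "--list-extensions", "--show-versions"],
        capture_output=True, text=True, check=True,
    ).stdout
    return audit(out.splitlines())


# Constructed sample output with made-up versions so the script runs offline.
SAMPLE_OUTPUT = """\
ms-python.python@2026.4.0
github.copilot@1.300.0
openai.chatgpt@0.5.1
esbenp.prettier-vscode@11.0.0
dbaeumer.vscode-eslint@3.0.10
"""


def print_report(report: Dict[str, List[Extension]]) -> None:
    for bucket, label in (("instant", "updates instantly (exempt publisher)"),
                          ("delayed", "waits for the two-hour cooldown")):
        print(f"{label}:")
        for ext in report[bucket]:
            who = f" [{ext.exempt_as}]" if ext.exempt_as else ""
            print(f"  {ext.identifier}@{ext.version}{who}")


if __name__ == "__main__":
    # Swap in audit_installed() to run against the extensions on this machine.
    print_report(audit(SAMPLE_OUTPUT.splitlines()))
```

The "instant" bucket is the list to take to the team: every entry in it will receive a compromised release within minutes of publication, so those are the extensions for which a separate verification step, or pinning via your fleet's settings management, has to substitute for the cooldown.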
The actionable next step, for those who care about closing the gap, is to ask the tooling for one of three things: a longer default cooldown, a narrower trust list, or a separate verification step for trusted-publisher updates. The June 3 release does not deliver any of those. It delivers a delay, with a named exemption, and asks users to treat that as the new floor.