Topic digest

VS Code news and engineering summaries

Monitor VS Code editor developments, extensions, workspaces, and remote development. Our digest aggregates marketplace trends, debugging, and Microsoft tooling from developer communities.

23 recent stories

Latest ranked stories

Current VS Code stories

These stories are ranked from recent public source activity and shown as a preview of what a configured digest can deliver.

VS Code inserting 'Co-Authored-by Copilot' into commits regardless of usage
01Saturday, May 2, 2026

VS Code inserting 'Co-Authored-by Copilot' into commits regardless of usage

A recent VS Code Git extension update enabled 'git.addAICoAuthor' by default, automatically adding 'Co-authored-by: Copilot' trailers to commits. This change faced severe community backlash due to privacy concerns, lack of transparency, and reports of the trailer being injected even when Copilot features were disabled or not used, leading to widespread dissatisfaction among developers.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

1-Click GitHub Token Stealing via a VSCode Bug
02Tuesday, June 2, 2026

1-Click GitHub Token Stealing via a VSCode Bug

A vulnerability in VSCode’s webview security allows for unauthorized GitHub token exfiltration. By exploiting keydown events within webviews, an attacker can trick users into installing malicious extensions via linked repositories. This flaw enables access to private repositories and full code execution. Users are advised to clear browser site data for github.dev to mitigate risks.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

GitHub confirms breach of 3,800 repos via malicious VSCode extension
03Wednesday, May 20, 2026

GitHub confirms breach of 3,800 repos via malicious VSCode extension

GitHub confirmed a breach of approximately 3,800 internal repositories after an employee installed a malicious VS Code extension. The company contained the incident, removing the trojanized plugin. While the hacker group TeamPCP has claimed responsibility and attempted to sell the stolen data, GitHub states there is no evidence that customer data was compromised.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News919 pts
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
04Monday, June 8, 2026

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Microsoft has introduced a mandatory two-hour delay for automatic VS Code extension updates to mitigate software supply chain risks. This safety measure, which exempts trusted publishers like Microsoft and OpenAI, mirrors similar timing-based controls recently adopted by package managers like npm, pnpm, and RubyGems to prevent the spread of malicious code.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Reddit753 pts
A History of IDEs at Google
05Saturday, May 9, 2026

A History of IDEs at Google

Google transitioned from a fragmented IDE ecosystem to a unified, web-based platform called Cider, eventually leveraging the VSCode frontend. By integrating internal monorepo tools with a powerful remote backend, Google achieved high productivity and enabled rapid deployment of AI-driven developer features, demonstrating the significant leverage gained by standardizing on a single, extensible IDE.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Fake Job Interviews Are Installing Backdoors on Developer Machines
06Wednesday, February 25, 2026

Fake Job Interviews Are Installing Backdoors on Developer Machines

Microsoft warns of a phishing campaign targeting developers with fake Next.js job assessments. The attack uses VS Code workspace automation, npm build tasks, and backend scripts to install backdoors and exfiltrate credentials. Attackers leverage social engineering to compromise developer machines, gaining access to cloud secrets, tokens, and source code.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Show HN: OSS Agent I built topped the TerminalBench on Gemini-3-flash-preview
07Monday, April 27, 2026

Show HN: OSS Agent I built topped the TerminalBench on Gemini-3-flash-preview

Dirac is an open-source coding agent that topped the Terminal-Bench-2 leaderboard with 65.2% accuracy. By utilizing hash-anchored edits and AST-native precision, it reduces API costs by 64.8% compared to competitors. Dirac offers high-bandwidth context curation and multi-file batching, enabling efficient, automated refactoring within VS Code or via CLI.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News330 pts
Cherri – programming language that compiles to an Apple Shortuct
08Friday, March 27, 2026

Cherri – programming language that compiles to an Apple Shortuct

Cherri is a programming language designed to build complex, maintainable Apple Shortcuts. It offers a CLI, VSCode extension, and macOS IDE, supporting features like package management, type checking, and function scoping. By compiling to runnable Shortcuts, it improves development efficiency and reproducibility compared to building within the Shortcuts app directly.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News303 pts
Threat actors expand abuse of Microsoft Visual Studio Code
09Tuesday, January 20, 2026

Threat actors expand abuse of Microsoft Visual Studio Code

Jamf Threat Labs has identified a new evolution in the Contagious Interview campaign by North Korean threat actors, targeting developers through malicious Visual Studio Code configurations. By tricking users into trusting a cloned repository, attackers abuse tasks.json files to execute malicious JavaScript payloads and establish backdoors for remote code execution. This campaign demonstrates a shift toward abusing legitimate developer tools and workflows to bypass security and maintain persistence on victim systems.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News262 pts
I use excalidraw to manage my diagrams for my blog
10Sunday, March 29, 2026

I use excalidraw to manage my diagrams for my blog

The author streamlined their blog's image workflow by automating Excalidraw exports. After struggling with manual exports and slow GitHub Actions, they customized the Excalidraw VSCode extension to automatically generate light and dark mode SVGs whenever a frame named with the 'export_' prefix is updated, enabling seamless local live previews and faster content creation.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News242 pts
Billing can be bypassed using a combo of subagents with an agent definition
11Tuesday, February 3, 2026

Billing can be bypassed using a combo of subagents with an agent definition

This report details a significant security and billing bypass vulnerability within the Copilot Chat extension for VS Code. The exploit leverages the architectural implementation of subagents and tool calls, which do not currently consume premium request credits. By initiating a session with a free model like GPT-5-mini and defining a custom agent configured to use a premium model such as Claude Opus 4.5, users can orchestrate 'free' premium model usage. The vulnerability allows the free orchestrator model to trigger expensive subagent calls indefinitely. Furthermore, the analyst identifies potential for automated loops and a lack of server-side API validation for message types, suggesting a broader risk of service abuse. Despite being reported to Microsoft Security Response Center, the issue was deemed out of scope for security rewards and redirected to public bug tracking.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News175 pts
VisualJJ – Jujutsu in Visual Studio Code
12Wednesday, January 28, 2026

VisualJJ – Jujutsu in Visual Studio Code

VisualJJ is an innovative extension for Visual Studio Code designed to simplify version control by integrating Jujutsu (JJ) with Git and GitHub. It provides a visual, interactive change tree that allows engineers to stay in their creative flow while managing complex versioning tasks. The tool enables users to rebase and reshape commit history through drag-and-drop actions, significantly reducing the anxiety associated with traditional Git operations. Furthermore, VisualJJ streamlines conflict resolution by treating conflicts as part of the draft state, allowing for step-by-step fixes. By integrating pull-request tracking directly within the editor, it creates a seamless transition from local development to production, enhancing overall developer productivity and confidence.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News160 pts
1.38 Millimeter Microcontroller
13Friday, June 26, 2026

1.38 Millimeter Microcontroller

The MSPM0 SDK is a comprehensive software development kit for the MSPM0 microcontroller platform. It provides essential tools, documentation, and device support for high-performance, low-power 32-bit Arm Cortex-M0+ applications. The ecosystem includes IDEs like Code Composer Studio, configuration tools like SysConfig, and migration support, simplifying development and enabling modular, portable code across the MSPM0 series.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News132 pts
Show HN: MDV – a Markdown superset for docs, dashboards, and slides with data
14Saturday, April 18, 2026

Show HN: MDV – a Markdown superset for docs, dashboards, and slides with data

mdv is a lightweight Markdown superset designed for creating documents, dashboards, and slides. It adds YAML front-matter, fenced blocks for charts and stats, and simple containers for layouts. Renders include self-contained HTML and PDF outputs, supported by a CLI and a VS Code extension for live previewing. It avoids complex code, focusing on style-driven document rendering.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News121 pts
Expanding Swift's IDE Support
15Wednesday, April 8, 2026

Expanding Swift's IDE Support

Swift is expanding its IDE support by launching the official Swift extension on the Open VSX Registry. This enables developers to use the Swift extension in editors like Cursor, VSCodium, and other LSP-compatible IDEs, bringing features like code completion, debugging, and Swift Package Manager support to macOS, Linux, and Windows environments.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News121 pts
Linuxulator on FreeBSD Feels Like Magic
16Sunday, February 22, 2026

Linuxulator on FreeBSD Feels Like Magic

The author shares a method for achieving seamless remote development on FreeBSD using Visual Studio Code's Remote SSH extension. By leveraging FreeBSD's Linuxulator to run Linux binaries, they overcome platform incompatibility, replacing slow NFS/SSHFS setups with a high-performance workflow that supports ARM64 environments and VS Code extensions flawlessly.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News111 pts
Show HN: Nogic – VS Code extension that visualizes your codebase as a graph
17Wednesday, January 14, 2026

Show HN: Nogic – VS Code extension that visualizes your codebase as a graph

Nogic is a powerful extension designed for VSCode that allows developers to visualize their codebase structure through interactive diagrams. By automatically indexing the project, the tool provides a unified view of files, classes, and functions within a hierarchical graph. Key features include the creation of custom boards for focused analysis, detailed class diagrams showing inheritance, and call graphs for tracing function dependencies. With real-time auto-sync, any changes made to the code are instantly reflected in the visualization. This tool enhances productivity by helping engineers navigate complex architectures and understand relationships within their software projects more effectively.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News111 pts
πŸŽ₯AI Chat, AI Cheering Messages, and Animation Editor Hyper (AI Avatar v10: VS Code and Chrome Extension)
18Monday, June 8, 2026

πŸŽ₯AI Chat, AI Cheering Messages, and Animation Editor Hyper (AI Avatar v10: VS Code and Chrome Extension)

AI Avatar is a free tool animating VRM 3D avatars via AI chat integration. Recent updates include support for Gemini API and local LLMs via Ollama, along with generative AI cheering messages. Furthermore, the newly revamped Animation Editor Hyper simplifies 3D animation with a full-tab interface, bone trails, multi-view displays, and VRMA export capabilities for improved usability.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Dev.to84 pts
Is anyone still using Emacs?
19Friday, June 19, 2026

Is anyone still using Emacs?

The author recounts a nearly 30-year journey navigating text editors, from initial experiences with Vim and Emacs to VSCode and IntelliJ. Rediscovering Emacs via Doom Emacs, the author finds it invaluable for remote development across diverse machines. Despite modern alternatives, Emacs remains a terminal-based productivity powerhouse, specifically when combined with LSP and tree-sitter integration.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Lobsters80 pts
Show HN: Capacitor Alarm Clock
20Sunday, June 14, 2026

Show HN: Capacitor Alarm Clock

This ESP32-powered capacitor alarm clock is a creative, albeit dangerous, project inspired by ElectroBOOM. It features a custom PCB, web-based settings, and an OLED display. The device intentionally triggers capacitor explosions as an alarm, requiring careful handling and specific hardware choices to function as a high-effort, practical joke.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News115 pts

Get a VS Code digest by email

Create a Snapbyte.dev digest and choose VS Code as one of your topics.

Snapbyte workflow

Build a digest around your developer updates

Choose topics, sources, language, schedule, and timezone. Snapbyte turns that setup into a focused digest with summaries and original links.