After npm (11.10.0, Feb 2026) and pnpm shipped minimum-release-age 'cooldown' settings, developers want the same protection for everything else that auto-updates, VS Code extensions most loudly. A 24-72h delay before adopting a freshly published version filters out the smash-and-grab supply-chain attacks that get yanked within hours, but IDEs and extension marketplaces have no such control and update by default.
builder note VS Code will likely add this for its own extensions eventually, so the durable play is the cross-surface policy layer (extensions plus actions plus base images) with per-publisher allowlists, since npm already proved teams want the exemptions the official setting won't give them.
landscape (3 existing solutions)
Package managers solved cooldowns in 2026, but the rest of the auto-updating dev surface (IDE extensions, plugins, CI actions, base images) still adopts new versions the instant they publish, which is exactly where the demand sits.
npm minimum release age Added a cooldown in 11.10.0 (Feb 2026), but it only protects npm installs and cannot exempt specific trusted packages; it does nothing for editor extensions or CI actions. pnpm minimumReleaseAge Cooldown defaults to 1 day in pnpm 11, but again only covers package installs in the dependency graph, not the IDE/extension auto-update surface. VS Code extension auto-update VS Code has no release-age or cooldown control for extension updates; extensions auto-update the moment a new version publishes, which is the exposure the 286 upvoters are asking to close. sources (1)
supply-chain-securityvscodedevsecopsdependenciesextensions
Teams shipping AI-generated code say review, not coding, is now the bottleneck, and today's AI reviewers just post more comments on every PR instead of deciding what needs human eyes at all. The opportunity is a layer that scores each PR's risk (blast radius, test coverage, path sensitivity) and auto-merges the trivial low-risk majority while escalating only genuinely risky changes to scarce human reviewers.
builder note Don't build another AI reviewer; the gap is the policy engine on top, a risk score teams trust enough to auto-merge the boring 70%, because trust is the only thing that actually removes review load.
landscape (3 existing solutions)
The 2026 AI-review tools all add review signal to every PR; none act as a triage layer that decides which changes can bypass human review, which is precisely the bottleneck teams describe.
CodeRabbit Diff-based AI review that comments on every PR, adding to the reading load rather than triaging which PRs can skip a human entirely. Greptile Deep codebase-graph bug catching, but it still produces review signal to read and has historically been noisy (many false positives); it does not route PRs by risk. Graphite Stacked-diff workflow with AI review woven in; optimizes PR size, not risk-based allocation of human attention, and has no auto-approve-low-risk gate. sources (1)
code-reviewai-codinggithubdeveloper-productivityci
Cross-platform .NET developers on VS Code (especially Mac/Linux users who can't fall back to full Visual Studio) are furious that C# Dev Kit's v3.20 update replaced the dedicated Solution Explorer with a merged native-Explorer 'C# Project Details' view that truncates the project tree and breaks how they navigate solutions. The opportunity is a maintained extension that restores a real solution/project tree wired into Dev Kit's build, debug, and test commands.
builder note The win isn't redrawing a tree, it's binding the tree to C# Dev Kit's build/debug/test commands so it actually drives the toolchain, which is exactly the integration the stale existing extension never had.
landscape (3 existing solutions)
Microsoft owns the regression and shows no sign of reverting it, and the one community Solution Explorer extension is stale, leaving cross-platform C# developers without a maintained in-editor project tree.
C# Dev Kit The official Microsoft extension that caused the regression. v3.20 folded Solution Explorer into the native Explorer as 'C# Project Details,' which users report truncates the project tree and removes the workflow they relied on. vscode-solution-explorer (fernandoescolar) The main community option, but it is stale: last release v0.9.2 on 2025-12-03, 56 open issues, and it predates and does not integrate with the current C# Dev Kit build/debug/test tooling. JetBrains Rider A full separate IDE (free for non-commercial use) rather than a fix; it is a heavy migration away from VS Code, not a tree view inside it. sources (2)
dotnetvscodecsharpdeveloper-experienceextension