Hardening VS Code extensions

Published on May 31, 2026.

VS Code extensions are updated automatically by default. Although I am careful when installing a new extension, I used to manage them less strictly than project dependencies. Here are the steps for my current workflow:

Disable automatic extension updates

Add the following settings to the VS Code user (global) settings:

{
  "extensions.autoCheckUpdates": false,
  "extensions.autoUpdate": false
}

Save a pseudo-lockfile of installed extensions

First, review the installed extensions and uninstall the unused ones. Then run the following command:

code --list-extensions --show-versions > vscode_extensions.txt

Keep the generated file somewhere, like in a dotfiles repo. This file makes it easier to get VS Code up and running after a fresh install (and if you don't use Settings Sync). To do so, run the following command:

xargs --max-lines=1 code --install-extension < vscode_extensions.txt

Update extensions manually

Run the Extensions: Check for Extension Updates command from the VS Code Command Palette to flag the extensions with available updates. Go through the list, check the repos and other resources for any reported issues, and update them if everything looks good.

If the latest version of one of the outdated extensions is less than 7 days old (or whatever cooldown period you follow), open the dropdown menu next to Uninstall and choose Install Specific Version..., or skip it this time.

Finally, update the pseudo-lockfile and repeat from time to time.