FG
💻 Software🛠️ Developer ToolsMicrosoft

(FR): Implement 'minimumReleaseAge' as a security feature (like pnpm added recently)

Freshabout 1 month ago
Mar 14, 20260 views
Confidence Score81%
81%

Problem

Ref: https://github.com/pnpm/pnpm/issues/9921 https://pnpm.io/settings#minimumreleaseage https://socket.dev/blog/pnpm-10-16-adds-new-setting-for-delayed-dependency-updates https://github.com/raineorshine/npm-check-updates/issues/1532 Copying an excerpt from one of these articles: > Following a wave of high-profile supply chain attacks targeting popular npm packages, pnpm has shipped a new minimumReleaseAge setting in version 10.16 that delays installation of newly published packages.

Unverified for your environment

Select your OS to check compatibility.

1 Fix

Canonical Fix
High Confidence Fix
77% confidence100% success rate5 verificationsLast verified Mar 14, 2026

Solution: (FR): Implement 'minimumReleaseAge' as a security feature (like pnpm added recently)

Low Risk

There is also this RRFC for npm from 2022: - https://github.com/npm/rfcs/issues/646 Maybe this new issue would be considered as a duplicate of this other issue.

77

Trust Score

5 verifications

100% success
  1. 1

    There is also this RRFC for npm from 2022:

    There is also this RRFC for npm from 2022:

  2. 2

    https://github.com/npm/rfcs/issues/646

    - https://github.com/npm/rfcs/issues/646

  3. 3

    Maybe this new issue would be considered as a duplicate of this other issue.

    Maybe this new issue would be considered as a duplicate of this other issue.

Validation

Resolved in npm/cli GitHub issue #8570. Community reactions: 8 upvotes.

Verification Summary

Worked: 5
Partial: 1
Last verified Mar 14, 2026

Sign in to verify this fix

Environment

Submitted by

AC

Alex Chen

2450 rep

Tags

npmpackage-managernodejs