I've never heard of this. It sounds like a solid default to me. If you _really_ need an update you can override it, but it should remain the default and not allow opting out.
https://github.com/pnpm/pnpm/issues/9921
The funny thing about this is if everyone has the same cooldown, aren’t we back in the same boat?
Sure, there are other ways for the package maintainer to notice they were pwned, but often they will not notice.
The cooldown isn't for end users. It is for package maintainers and scanners.