tjansen 4 hours ago

I wonder whether there is any tool that can prevent npm from downloading any package that has been published in the last month. While I miss out on possible fixes, this would prevent downloading some 3rd level dep that takes over my machine.
backwardsponcho 3 hours ago

NPM seems to have introduced the flag `minimumReleaseAge` for this exact purpose. However, even though there are many recent references to it[0][1][2], I don't see it anywhere in the NPM documentation.

[0] https://news.ycombinator.com/item?id=47513932
[1] https://github.com/npm/cli/issues/8570
[2] https://socket.dev/blog/npm-introduces-minimumreleaseage-and...
lmiller1990 4 hours ago

pnpm has this, I think others may also have something similar.
janekies 4 hours ago

pnpm has added a new setting, minimumReleaseAge, enabled by default, just to try to mitigate these issues.