+1

For those who don't know what broxit is talking about, they're referring to something like --minimum-release-age/minimumReleaseAge in many pieces of software and package managers to reduce vulnerability to supply chain attacks. Often times, such attacks are detected within a few days of compromise.

Here's Bun's, as an example: https://bun.com/docs/pm/cli/install#minimum-release-age