I've just filed issues with npm and uv (edit: and pip) proposing that if their dependency-cooldown options are unset they should default to seven days. No safety measure is perfect but sensible defaults can hopefully improve the situation.
I've just filed issues with npm and uv (edit: and pip) proposing that if their dependency-cooldown options are unset they should default to seven days. No safety measure is perfect but sensible defaults can hopefully improve the situation.
If you have a fediverse account, you can quote this note from your own instance. Search https://cosocial.ca/users/mhoye/statuses/116178291534758736 on your instance and quote it. (Note that quoting is not supported in Mastodon.)