upvote

points

by postalcoder15 hours ago |
comments
upvoteby exyi12 hours ago|
next
[-]
Do you know if there is override this specifically when I want to install a security patch? UV just claims that package doesn't exist if I ask for new version
reply
upvoteby postalcoder12 hours ago|
parent|
[-]
Yes there is. You can use those configs as flags in the CLI to override the global config.

eg:

  npm install <package> --min-release-age 0
  
  pnpm add <package> --minimum-release-age 0
  
  uv add <package> --exclude-newer "0 days"
  
  bun add <package> --minimum-release-age 0
reply
upvoteby tomtomtom7777 hours ago|
prev|
next
[-]
I understand that this is a good idea but it does feel really weird. Add a min-release-age to see if anyone who doesn't gets bitten.

Next up, we're going to advise a minimum-release-age of 14 days, cause most other projects use 7 days.

reply
upvoteby bonoboTP6 hours ago|
parent|
next
[-]
You don't have to outrun the bear, just the other guy.
reply
upvoteby talkin3 hours ago|
parent|
prev|
[-]
There will always be early adopters.

And maybe more importantly: security tools and researchers.

reply
upvoteby jerrygoyal14 hours ago|
prev|
[-]
I don't think syntax is correct for pnpm
reply
upvoteby postalcoder14 hours ago|
parent|
[-]
Works for me?

  $ pnpm add -D typescript@6.0.2
   ERR_PNPM_NO_MATURE_MATCHING_VERSION  No matching version found for typescript@6.0.2 published by Wed Mar 18 2026..
You could also set the config this way:

  pnpm config set minimumReleaseAge 10080 --global
You may be thinking about the project-specific config, which uses YAML.

https://pnpm.io/cli/config

reply