SOC

Package managers delay new releases

How to fix

Configure release-age protection for the package managers you use. A passing setup delays new package releases by at least 7 days.

~ means your home folder.

npm-compatible package managers

Add these settings to ~/.npmrc:

min-release-age=7
minimum-release-age=10080
save-exact=true

Both release-age settings are required. npm, pnpm, Yarn, and other npm-compatible tools can read ~/.npmrc, but they use different setting names and units. min-release-age=7 is measured in days. minimum-release-age=10080 is measured in minutes, so 10080 minutes is 7 days.

Bun

Add this section to ~/.bunfig.toml:

[install]
minimumReleaseAge = 604800

Bun measures minimumReleaseAge in seconds, so 604800 seconds is 7 days.

uv

Add this section to ~/.config/uv/uv.toml:

[pip]
exclude-newer = "7d"

PyPI publishing

~/.pypirc is used for publishing packages, not installing them. Remove plaintext usernames, passwords, and tokens from this file. Use PyPI Trusted Publishing or keyring-based authentication instead.

Package managers delay new releases

How to fix

npm-compatible package managers

Bun

uv

PyPI publishing

More Mac checks

Create a Pareto Cloud account