New Policy Filter: Last Updated.

User on X:

Can pnpm be configured to only install packages that were published 24+ hours ago? cc @ZoltanKochan
I think a highest resolution mode with a 24 hour minimum published time would be a good defensive default given the extreme amount of compromised packages in recent days and weeks.

The user asked pnpm, and pnpm replied that there is an issue for this: pnpm/pnpm#9921

Desired Results:
- After this policy filter, a user can enforce a "Last Updated Before" time, and packages updated within that time range will fail.

name: vet filter suite
description: |
  Define your security guardrails using vet's filters
tags:
  - SecDevOps
filters:
  - name: Last Updated Package
    check_type: CheckTypePackage
    value: |
      pkg.lastUpdated == "1 week"

That 24 hr is just an example; it can be anything the user sets, like 1 week.
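As an added illustration of the check such a filter would enforce (example code written here, not vet's or pnpm's implementation, and not an implementation of the proposed `pkg.lastUpdated` attribute): a small Python script that parses a minimum-age spec such as "24h" or "1 week", reads publish timestamps from an npm-style packument `time` map, rejects any version published more recently than the threshold, and resolves to the newest version that is old enough. The packument, the fixed `NOW` clock and every function name are assumptions constructed for the example.

```python
"""Minimum package age gate (added example; not vet's or pnpm's code).

An npm packument is the registry metadata document for a package; its
"time" map records when each version was published. Gating on that
timestamp gives reviewers and scanners a window to catch a freshly
published, compromised version before it is installed.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample packument (not real registry data).
SAMPLE_PACKUMENT = {
    "name": "example-pkg",
    "dist-tags": {"latest": "2.0.1"},
    "time": {
        "created": "2025-08-01T10:00:00.000Z",
        "modified": "2025-09-09T08:30:00.000Z",
        "1.4.0": "2025-08-01T10:00:00.000Z",
        "2.0.0": "2025-09-01T12:00:00.000Z",
        "2.0.1": "2025-09-09T08:30:00.000Z",
    },
}

# Fixed reference clock so the example is deterministic (an assumption).
NOW = datetime(2025, 9, 10, 0, 0, tzinfo=timezone.utc)

# Units accepted in a minimum-age spec, expressed in hours.
_HOURS_PER_UNIT = {
    "h": 1, "hr": 1, "hour": 1, "hours": 1,
    "d": 24, "day": 24, "days": 24,
    "w": 168, "week": 168, "weeks": 168,
}


def parse_min_age(spec: str) -> timedelta:
    """Parse a human spec such as '24h', '24 hours' or '1 week'."""
    m = re.fullmatch(r"\s*(\d+)\s*([A-Za-z]+)\s*", spec)
    if not m or m.group(2).lower() not in _HOURS_PER_UNIT:
        raise ValueError(f"unsupported minimum-age spec: {spec!r}")
    unit_hours = _HOURS_PER_UNIT[m.group(2).lower()]
    return timedelta(hours=int(m.group(1)) * unit_hours)


def published_at(packument: dict, version: str) -> datetime:
    """Publish time of one version as a timezone-aware UTC datetime."""
    stamp = packument["time"][version]
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def age_hours(packument: dict, version: str, now: datetime = NOW) -> float:
    """Hours elapsed since the version was published."""
    return (now - published_at(packument, version)).total_seconds() / 3600


def is_old_enough(packument: dict, version: str, spec: str,
                  now: datetime = NOW) -> bool:
    """True when the version was published at least `spec` ago."""
    return now - published_at(packument, version) >= parse_min_age(spec)


def _version_key(version: str):
    # Plain dotted numeric versions only; prerelease tags are out of scope.
    return tuple(int(part) for part in version.split("."))


def resolve_with_min_age(packument: dict, spec: str, now: datetime = NOW):
    """Newest version that satisfies the minimum age, or None if none does.

    Keys such as "created" and "modified" are skipped: only version-shaped
    keys of the "time" map are candidates.
    """
    versions = [v for v in packument["time"] if re.fullmatch(r"\d+(\.\d+)*", v)]
    eligible = [v for v in versions if is_old_enough(packument, v, spec, now)]
    return max(eligible, key=_version_key) if eligible else None


if __name__ == "__main__":
    latest = SAMPLE_PACKUMENT["dist-tags"]["latest"]
    for spec in ("24h", "1 week", "2 weeks"):
        allowed = is_old_enough(SAMPLE_PACKUMENT, latest, spec)
        resolved = resolve_with_min_age(SAMPLE_PACKUMENT, spec)
        print(f"{spec:>8}: latest {latest} allowed={allowed} resolved={resolved}")
```

With the constructed data the "latest" tag (2.0.1, published 15.5 hours before `NOW`) fails a 24h policy and the resolver falls back to 2.0.0; a 2-week policy falls back further to 1.4.0, and a policy no version can satisfy yields None rather than silently installing the newest version.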