Prompted by a recent supply chain attack, dependency cooldowns for package managers are getting renewed attention. The practice is to wait a few days before installing a newly published dependency version, so that the community has time to notice a compromised release before it reaches your builds.
Source: Simon Willison
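An added example of the cooldown rule in Python, not code from Willison's post or from any package manager: given a package's release timestamps (constructed sample data modelled on the shape of PyPI's JSON API `releases` field), it picks the newest version that has been public for at least the cooldown period, and falls back to the currently pinned version when nothing qualifies yet. Function and data names are assumptions for this illustration.

```python
"""Dependency cooldown: choose the newest release that is old enough."""
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like PyPI's "releases" mapping
# (version -> list of uploaded files with upload_time_iso_8601). Not real data.
SAMPLE_RELEASES = {
    "1.4.0": [{"upload_time_iso_8601": "2025-01-10T09:00:00.000000Z"}],
    "1.4.1": [{"upload_time_iso_8601": "2025-03-02T12:30:00.000000Z"}],
    "1.5.0": [{"upload_time_iso_8601": "2025-03-20T08:15:00.000000Z"}],  # just published
}


def parse_version(version):
    """Minimal ordering for plain dotted-integer versions (assumption: no pre-releases)."""
    return tuple(int(part) for part in version.split("."))


def release_time(files):
    """A release is as old as its earliest uploaded file."""
    stamps = [
        datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
        for f in files
    ]
    return min(stamps)


def choose_with_cooldown(releases, cooldown_days, now, pinned=None):
    """Return the newest version published at least cooldown_days before now.

    If every release is younger than the cooldown, keep the pinned version
    (which may be None) rather than silently taking the newest one.
    """
    cutoff = now - timedelta(days=cooldown_days)
    eligible = [v for v, files in releases.items() if files and release_time(files) <= cutoff]
    if not eligible:
        return pinned
    return max(eligible, key=parse_version)


if __name__ == "__main__":
    today = datetime(2025, 3, 22, tzinfo=timezone.utc)
    print("newest:", choose_with_cooldown(SAMPLE_RELEASES, 0, today))
    print("7-day cooldown:", choose_with_cooldown(SAMPLE_RELEASES, 7, today, pinned="1.4.0"))
```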