
We should all be using dependency cooldowns


Nov 21, 2025 Tags: oss, security

TL;DR: Dependency cooldowns are a free, easy, and incredibly effective way to mitigate the large majority of open source supply chain attacks. More individual projects should apply cooldowns (via tools like Dependabot and Renovate) to their dependencies, and packaging ecosystems should invest in first-class support for cooldowns directly in their package managers.
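As an added illustration (not code from the post), this is the resolver-side rule a cooldown implements: given a package's release history, pick the newest version that has been public for at least N days and hold back anything fresher, which is the window in which a hijacked release is most likely to be noticed and pulled. The release data is a constructed sample in the shape of PyPI's JSON API "releases" map; the function and its names are this example's own.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like the "releases" map from PyPI's JSON API:
# version -> list of uploaded files, each carrying upload_time_iso_8601.
SAMPLE_RELEASES = {
    "1.4.0": [{"upload_time_iso_8601": "2025-10-01T12:00:00Z"}],
    "1.4.1": [{"upload_time_iso_8601": "2025-11-10T08:30:00Z"}],
    "1.5.0": [{"upload_time_iso_8601": "2025-11-20T22:15:00Z"}],  # one day old
}


def _version_key(version):
    # Dotted numeric versions only; enough for the sample above.
    return tuple(int(part) for part in version.split("."))


def _published_at(files):
    # A release becomes visible when its first file lands, so use the
    # earliest upload time across the release's files.
    stamps = [
        datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
        for f in files
    ]
    return min(stamps)


def resolve_with_cooldown(releases, cooldown_days, now):
    """Return (chosen_version, held_versions).

    chosen_version is the newest release published at or before
    now - cooldown_days, or None when every release is still inside the
    window (e.g. a brand-new package), which a resolver should treat as
    "nothing installable yet" rather than silently taking the newest.
    """
    cutoff = now - timedelta(days=cooldown_days)
    eligible, held = [], []
    for version, files in releases.items():
        if not files:
            continue  # yanked or metadata-only release: nothing to install
        (eligible if _published_at(files) <= cutoff else held).append(version)
    chosen = max(eligible, key=_version_key) if eligible else None
    return chosen, sorted(held, key=_version_key)


if __name__ == "__main__":
    now = datetime(2025, 11, 21, tzinfo=timezone.utc)
    print(resolve_with_cooldown(SAMPLE_RELEASES, 7, now))
```

With a seven-day window on 2025-11-21 the resolver takes 1.4.1 and holds 1.5.0; a longer window holds more, and a window older than every release yields None.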
