A new beta feature from the gem.coop team: dependency cooldowns.
Cooldowns are a simple yet effective security measure: they delay newly released gem versions for a short period, reducing the risk of pulling in compromised or malicious releases. Analysis shows that most supply-chain attacks are detected within the first couple of days, which means waiting can make a significant difference.
What’s included in the beta
- A 48-hour cooldown for newly released gems
- Updates at least once per hour
In case an urgent security fix is needed, you can still use the main gem.coop as a secondary source to force the latest version of any gem.
If you want to try it, learn how to enable and use cooldowns here: gem.coop
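The 48-hour rule and the urgent-fix override described above, as an added Ruby example (not gem.coop's code). The gem names, timestamps, fixed clock and the `cooled`, `resolve` and `inside_cooldown` helpers are all constructed for illustration; skipping prereleases is an assumption that mirrors Bundler's default.

```ruby
require "time"
require "rubygems" # Gem::Version for correct version ordering

COOLDOWN = 48 * 60 * 60 # seconds: the beta's 48-hour window
NOW = Time.iso8601("2025-03-11T12:00:00Z") # fixed clock so results are repeatable

# Constructed release metadata (hypothetical gems, not real data).
RELEASES = {
  "alpha_gem" => { "2.0.0"     => "2025-03-01T10:00:00Z",
                   "2.1.0.pre" => "2025-03-02T10:00:00Z",
                   "2.0.1"     => "2025-03-09T18:00:00Z" }, # 42h before NOW
  "fresh_gem" => { "0.1.0"     => "2025-03-11T08:00:00Z" }  # 4h before NOW
}.freeze

# Versions a cooldown index would expose: released at least `cooldown` ago.
def cooled(name, now: NOW, cooldown: COOLDOWN)
  RELEASES.fetch(name, {})
          .select { |_, ts| now - Time.iso8601(ts) >= cooldown }.keys
end

# Newest stable cooled version. `force` pins an exact version, modelling an
# urgent security fix pulled from the main source. Returns nil when no
# release has aged past the window yet.
def resolve(name, force: {}, now: NOW)
  if (pin = force[name])
    known = RELEASES.fetch(name, {}).key?(pin)
    raise ArgumentError, "#{name} #{pin} is not a known release" unless known
    return pin
  end
  cooled(name, now: now).map { |v| Gem::Version.new(v) }
                        .reject(&:prerelease?).max&.to_s
end

# Audit lockfile-style pins: keep those released less than `cooldown` ago,
# i.e. the versions that bypassed the cooldown and deserve a manual look.
def inside_cooldown(pins, now: NOW, cooldown: COOLDOWN)
  pins.select do |name, version|
    ts = RELEASES.dig(name, version)
    ts && now - Time.iso8601(ts) < cooldown
  end
end
```

Running `inside_cooldown` over the pins in a lockfile after a forced update lists exactly the versions that skipped the waiting period.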