
npm Introduces minimumReleaseAge and Bulk OIDC Configuration

Blog post from Socket

Post Details
Author: Sarah Gooding
Word Count: 669
Language: English
Summary

npm has implemented new security measures in its latest CLI 11.x releases, including a release cooldown setting and bulk configuration for OIDC trusted publishing, reflecting a widespread movement towards enhanced install and publish controls within the JavaScript ecosystem. The minimumReleaseAge feature allows teams to delay the installation of newly published package versions to mitigate risks from malicious packages, although it currently lacks an exclusion mechanism for urgent updates. The introduction of the --allow-git flag in npm install aims to prevent unwanted code execution by controlling Git dependency behavior, with stricter settings expected in future releases. Additionally, npm has streamlined the OIDC trusted publishing process by enabling bulk configuration across multiple packages, reducing operational overhead for maintainers managing large portfolios. These updates align npm with other major Node.js package managers like pnpm, Yarn, and Bun, all of which have adopted similar time-based release gating, highlighting a growing consensus on the necessity of robust supply chain security measures in the software development process.