Vibe Coding
Tip: CEL now() for Dependency Cooldown Periods — Block Packages Published in the Last N Hours to Defend Supply Chains
A practical defense against supply chain attacks like the axios compromise: use CEL (Common Expression Language) time-based policies in dependency scanners to refuse any package published within a configurable cooldown window. The technique exploits the fact that most supply chain attacks rely on speed — publish malicious code, let automated builds pull it before detection. A 24-72 hour cooldown catches the majority of attacks while allowing legitimate updates to pass.
Source
↳ Follow the thread