What Is Minimum Release Age? Minimum release age means you refuse package versions that were published too recently. Example: if your minimum age is 7 days, anything published in the last 7 days is blocked. Why this matters: npm: .npmrc and a TanStack Incident npm does not have a dedicated minimumReleaseAge setting like pnpm and Bun. The most modern npm-native approach is to combine: Recommended .npmrc Baseline This does not enforce age by itself, but it makes installs deterministic and safer. TanStack Incident with npm before During the recent TanStack Router supply-chain incident, some latest tags briefly pointed to compromised releases. before lets you cut resolution off before a risky…