Skip to content
Syncpack
This documentation is for v14, the docs for v13 are archived.

minimumReleaseAge

When using the update command, the minimum age (in minutes) a published version must reach before syncpack will consider it as an available update. Reduces supply chain attack risk by ignoring versions that have been on the registry for less time than the configured window — most malicious releases are detected and unpublished within an hour.

When this option is omitted from the rcfile, syncpack reads minimumReleaseAge from the project's pnpm-workspace.yaml if present. When neither is set, it defaults to 1440 (one day). Setting 0 disables the filter.

Default Value

.syncpackrc.json
{
  "minimumReleaseAge": 1440
}

Examples

Wait one week before considering a published version:

.syncpackrc.json
{
  "minimumReleaseAge": 10080
}

Disable the filter and consider all published versions:

.syncpackrc.json
{
  "minimumReleaseAge": 0
}

Inherit the value already configured for pnpm by omitting it from the rcfile:

pnpm-workspace.yaml
minimumReleaseAge: 1440