Description
Is your feature request related to a problem? Please describe.
Currently, there's no way to block dependencies that are too recent (e.g., released in the last 24 hours). This creates potential security risks as very new packages might not have undergone sufficient community scrutiny.
Describe the solution you'd like
I'd like to see functionality similar to dependabot's cooldown feature (https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#cooldown-), where we can specify a minimum age for packages. This would allow teams to set policies like "no dependencies less than X days old" to reduce the risk of supply chain attacks using new releases.
Potential implementation
Allow configuring a minimum package age parameter, which would cause the dependency review to fail if any introduced package is newer than the specified threshold.
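One way such a minimum-age check could work, as an added example written for illustration and not code from the project or the issue author: it takes the list of packages a pull request introduces plus the publish timestamp of each version (the kind of data the npm registry exposes under `time` and PyPI under `upload_time_iso_8601`) and fails any package younger than the configured number of days. The `Change`/`Violation` types, the `check_cooldown` signature, the `fail_on_unknown` option and all package names and dates below are hypothetical and constructed.

```python
"""Minimum-age ("cooldown") policy for newly introduced dependencies.

Added example, not the project's own code. It assumes the caller already
has (a) the introduced dependencies and (b) each version's publish time as
an ISO-8601 string, looked up from the registry beforehand. Names, data
structures and sample data are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Change:
    ecosystem: str  # e.g. "npm", "pip"
    name: str
    version: str


@dataclass(frozen=True)
class Violation:
    change: Change
    reason: str


def package_age(published: str | None, now: datetime) -> timedelta | None:
    """Return how old a release is, or None when no publish time is known."""
    if published is None:
        return None
    ts = datetime.fromisoformat(published.replace("Z", "+00:00"))
    if ts.tzinfo is None:  # treat naive timestamps as UTC, never local time
        ts = ts.replace(tzinfo=timezone.utc)
    return now - ts


def check_cooldown(changes, metadata, min_age_days, *, now=None, fail_on_unknown=True):
    """Return a Violation for every introduced package younger than min_age_days.

    metadata maps (ecosystem, name, version) -> ISO-8601 publish time or None.
    A release whose age cannot be verified is reported when fail_on_unknown is
    set, so a missing timestamp cannot be used to slip past the policy.
    """
    now = now or datetime.now(timezone.utc)
    threshold = timedelta(days=min_age_days)
    violations = []
    for change in changes:
        key = (change.ecosystem, change.name, change.version)
        age = package_age(metadata.get(key), now)
        if age is None:
            if fail_on_unknown:
                violations.append(Violation(change, "no publish timestamp available"))
        elif age < threshold:
            hours = age.total_seconds() / 3600
            violations.append(
                Violation(change, f"published {hours:.1f}h ago, policy requires {min_age_days}d")
            )
    return violations


# Constructed sample input: a fixed "now" and four hypothetical packages.
NOW = datetime(2024, 6, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_CHANGES = [
    Change("npm", "new-pkg", "1.0.0"),       # published 9 hours before NOW
    Change("npm", "old-pkg", "4.2.1"),       # years old
    Change("pip", "mature-pkg", "2.3.0"),    # twelve days old
    Change("pip", "unknown-pkg", "0.0.1"),   # registry gave no timestamp
]
SAMPLE_METADATA = {
    ("npm", "new-pkg", "1.0.0"): "2024-06-10T03:00:00Z",
    ("npm", "old-pkg", "4.2.1"): "2021-02-20T15:42:16.891Z",
    ("pip", "mature-pkg", "2.3.0"): "2024-05-29T15:37:47.081206Z",
}


def run_sample(min_age_days: int = 3):
    """Apply a 3-day cooldown to the constructed sample; returns the violations."""
    return check_cooldown(SAMPLE_CHANGES, SAMPLE_METADATA, min_age_days, now=NOW)


if __name__ == "__main__":
    found = run_sample()
    for v in found:
        print(f"FAIL {v.change.ecosystem}/{v.change.name}@{v.change.version}: {v.reason}")
    raise SystemExit(1 if found else 0)
```

The check fails closed on a missing timestamp by default; a team that would rather only block provably fresh releases can pass `fail_on_unknown=False`, which is the weaker setting because an attacker-controlled or malformed registry record then reads as "old enough".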