pip introduced dependency cooldowns
In a previous post, I described how uv's exclude-newer feature can now help protect you from supply-chain attacks by ignoring freshly published releases (a dependency cooldown).
This week, pip introduced a similar feature, --uploaded-prior-to. The syntax, using an ISO 8601 duration expressed in days, is:
python -m pip install --uploaded-prior-to=P<n_days>D <my_package>
In practice, to install a package (litellm in this example) while excluding any release uploaded within the last week:
python -m pip install --uploaded-prior-to=P7D litellm
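To make the cooldown logic concrete, here is an added example (not pip's own code) that models what --uploaded-prior-to does: it parses the P<n_days>D duration, then picks the newest version whose files were all uploaded before now minus the cooldown. The release data is a constructed sample shaped like the "releases" field of PyPI's JSON API, and NOW is fixed so the result is deterministic.

```python
from datetime import datetime, timedelta, timezone
import re

# Constructed sample shaped like the "releases" field of PyPI's JSON API
# (https://pypi.org/pypi/<project>/json): version -> list of files, each with
# an upload_time_iso_8601. Only the fields used here are included.
SAMPLE_RELEASES = {
    "1.40.0": [{"upload_time_iso_8601": "2025-01-05T10:00:00.000000Z"}],
    "1.41.0": [{"upload_time_iso_8601": "2025-01-20T09:30:00.000000Z"}],
    "1.41.1": [{"upload_time_iso_8601": "2025-01-27T18:45:00.000000Z"}],  # ~1 day old
    "1.42.0": [{"upload_time_iso_8601": "2025-01-28T08:00:00.000000Z"}],  # hours old
}
# Constructed "now" so the example is deterministic.
NOW = datetime(2025, 1, 28, 12, 0, tzinfo=timezone.utc)

_DAY_DURATION = re.compile(r"^P(\d+)D$")

def parse_cooldown(spec: str) -> timedelta:
    """Parse the P<n_days>D form used in the post (an ISO 8601 day duration)."""
    m = _DAY_DURATION.match(spec)
    if not m:
        raise ValueError(f"unsupported duration {spec!r}; expected e.g. P7D")
    return timedelta(days=int(m.group(1)))

def release_upload_time(files) -> datetime:
    """A release counts as uploaded when its *latest* file was uploaded,
    so a wheel pushed later cannot slip in under an older sdist's date."""
    return max(datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
               for f in files)

def eligible_versions(releases, cooldown: timedelta, now=NOW):
    """Versions whose upload time is strictly before now - cooldown."""
    cutoff = now - cooldown
    return [v for v, files in releases.items()
            if files and release_upload_time(files) < cutoff]

def _version_key(v: str):
    return tuple(int(part) for part in v.split("."))  # sample versions are plain numeric

def select_version(releases, spec: str, now=NOW):
    """Newest version that satisfies the cooldown, or None if nothing is old enough."""
    ok = eligible_versions(releases, parse_cooldown(spec), now)
    return max(ok, key=_version_key) if ok else None

if __name__ == "__main__":
    print(select_version(SAMPLE_RELEASES, "P7D"))  # 1.41.0: the two newest are too fresh
    print(select_version(SAMPLE_RELEASES, "P0D"))  # 1.42.0: no cooldown
```

Note that a long cooldown can leave no eligible version at all (select_version returns None), which is the point at which you must decide whether to shorten the window or wait.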
A great step to increase security!