Cool down before you install: give new gems a few days to be vetted

DRANK

Most supply-chain attacks against RubyGems exploit a narrow window: an account is compromised, a malicious version ships, and any bundle install in the minutes that follow resolves straight to it. ...