Pnpm has a new setting to stave off supply chain attacks

If everyone is going to wait 3 days before installing the latest version of a compromised package, it will take more than 3 days to detect an incident.