diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index 4c1316ebcd..9bac3ddb6b 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -4,4 +4,8 @@ packages:
 - "apps/schedules"
 - "packages/server"
+# Supply-chain hardening: refuse package versions younger than 3 days (4320 min),
+# so newly-published malicious versions get caught/yanked before we install them.
+minimumReleaseAge: 4320
+
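Review bot: The added `minimumReleaseAge: 4320` only takes effect on pnpm releases that know the key (it was introduced in pnpm 10.16), and nothing in this hunk ties the workspace to such a release; an older pnpm will most likely skip the key without an error, so the hardening would be silently absent. Confirm that the `packageManager` field in package.json and the CI images pin a pnpm version that supports it, and record that in the comment, e.g. `# Requires pnpm >= 10.16; older versions ignore this key.` The delay also holds back urgent security fixes for three days, so it is worth documenting that `minimumReleaseAgeExclude` is the intended exception path rather than lowering the value.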