React to SHA1-Hulud the Second Comming npm breach

[galargh]

Context: https://news.ycombinator.com/item?id=46035533

Action Items:

• set minimumReleaseAge/npmMinimalAgeGate where possible
  • chore: set minimum acceptable release age to 7 days filsnap#439
  • chore: set minimum acceptable release age to 7 days FilOzone/synapse-sdk#463
• scan fil orgs in search for compromised packages usage (?)
  • check if the offending dependencies are getting flagged by github security already

[BigLep]

@galargh : is there more that is needed here?

[galargh]

Just the filsnap PR as far as I'm aware.