The easiest way to action as a user seems like it would be to use local package managers that includes something like Dependabot's cooldown config. I'm not aware of any local package managers that do something like this?

https://docs.github.com/en/code-security/reference/supply-ch...