Having a cooldown is different from never updating. I don’t think waiting a few days is a bad security practice in any environment, node or otherwise.