Most of the malicious ones just curl something in a postinstall script, scanners already catch that. The sneaky ones don't look malicious until they run, and three days may not help.
Every single one now will be more sneaky, and we’ll be operating on a 3-day cooldown for no reason.
There are plenty of ways to notice a malicious release without observing it running.
Build provenance, maintainer alerts on new releases, tying releases to specific git tags, etc all help.