Package invalidation is the indication that an open source maintainer doesn't want you to use their package or release(s). It's often difficult to know when a package/release that you use has been invalidated. Maintainers will invalidate their packages for a range of reasons. They may not use the built-in tooling for invalidation, and some purposely don't allow it. We have compiled a matrix of invalidation support for use as a reference to how different ecosystems implement it.
Source: https://blog.tidelift.com/the-current-state-of-package-invalidation-support-across-package-managers

