Open
Description
I was talking with @marco-ippolito and we were discussing having ways for people to know when they are using an insecure version of Node.js. Instead of having a flag (#852), what if we release a patch version after one or two months of EOL alerting users they are using an EOL version?
I mean, if they pin the version and don't get the last release, they won't see the warning, but I assume it will affect most users. We could try to do it to non-LTS versions first, and then we expand the coverage to all EOL versions (starting this year, of course).
cc: @nodejs/security-wg @nodejs/tsc