This is terrible advice, even if I assume you are also using a key-file on a removable usb. An attacker can brute force decrypt your db. There is no rate limiting when you literally have the database file, they could replicate it across thousands of servers each with dozens of cores, each core trying a dozen keyphrases per second. That’s assuming a motivated attacker like a government or crypto scammers, but why open yourself to that possibility?

You can just pass the --update flag when invoking yt-dlp. I don’t think the package itself needs to be up to date in order to work reliably.

Like, piping the output of a program into another program.