SECURITYTHE HACKER NEWS
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has introduced staged publishing on npm, requiring maintainers to approve package releases via two-factor authentication (2FA) to enhance software supply chain security. This feature aims to prevent unauthorized or malicious package distributions by mandating human verification before public installation.
Mentioned
Related Signal
Adjacent reporting
- Npm registry sets stage for more secure package publishing
- Official SAP npm packages compromised to steal credentials
- Bitwarden CLI npm package compromised to steal developer credentials
- New npm supply-chain attack self-spreads to steal auth tokens
- Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
- Popular node-ipc npm package compromised to steal credentials