Skip to content
The Nexus
DossierENTITY

staged publishing

Coverage of staged publishing in the Nexus archive.

Earliest in view: May 21 · 19:54 UTCMost recent: May 23 · 16:35 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 23 · 16:35 UTCTHE HACKER NEWS
    npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

    GitHub has introduced staged publishing on npm, requiring maintainers to approve package releases via two-factor authentication (2FA) to enhance software supply chain security. This feature aims to prevent unauthorized or malicious package distributions by mandating human verification before public installation.

  • TECHNOLOGYMay 22 · 19:49 UTCHACKER NEWS
    GitHub introduces staged publishing and new install-time controls for NPM

    GitHub has introduced staged publishing for NPM packages, allowing developers to delay public visibility until ready. New install-time controls help manage package versions and dependencies during installation, enhancing security and reliability for NPM users.

  • SECURITYMay 21 · 19:54 UTCTHE REGISTER
    Npm registry sets stage for more secure package publishing

    GitHub has implemented staged publishing for npm packages, requiring maintainer approval via two-factor authentication before packages become publicly available. This security measure aims to prevent compromised packages from poisoning the software supply chain by addressing the vulnerability of automated workflows that rely on tokens. The feature, discussed since 2020, works alongside trusted publishing using OIDC authentication to improve overall package security.