Tag: package security
1 article

GitHub Enhances npm with 2FA-Gated Publishing to Thwart Supply Chain Attacks
GitHub's new staged publishing feature on npm adds an extra layer of security, requiring maintainers to approve package releases after completing a two-factor authentication challenge, effectively preventing unauthorized publishes and reducing the risk of supply chain attacks. This human gate ensures proof of presence for every package release, safeguarding the integrity of the npm ecosystem.