Skip to main content

Tag: staged publishing

2 articles

Developer workstation with laptop and notes, package manager interface on screen.

GitHub npm Tightens Security With Disabled Install Scripts

GitHub's latest npm update takes a giant leap in security by disabling install scripts by default, reducing supply-chain risks and giving developers more control. To adapt, plan to switch to trusted publishing or staged publishing with human approval for automated publishing.

Analyst 207
Developer interacts with laptop in bright office, emphasizing secure package management.

GitHub Enhances npm with 2FA-Gated Publishing to Thwart Supply Chain Attacks

GitHub's new staged publishing feature on npm adds an extra layer of security, requiring maintainers to approve package releases after completing a two-factor authentication challenge, effectively preventing unauthorized publishes and reducing the risk of supply chain attacks. This human gate ensures proof of presence for every package release, safeguarding the integrity of the npm ecosystem.

Analyst 207