TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

By rooter

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation.

Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

rooter
Cyber Security

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

rooter
Cyber Security

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

rooter

Leave a Reply

You Missed

Cyber Security

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

News

‘Mission: Impossible’ Has Always Been Important

Cyber Security

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

News

Why pure extortion is replacing traditional ransomware