The Cyber Security News

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

May 23, 2026

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation.

Called staged publishing, the feature is now generally available on npm. It requires a human maintainer to pass a two-factor authentication (2FA) challenge to approve a package version before it is published to npmjs[.]com.


“Instead of a direct publish that immediately makes a package version available to consumers, the prebuilt tarball is uploaded to a stage queue where a maintainer must explicitly approve it before it becomes installable,” GitHub said.

The Microsoft-owned subsidiary said the change ensures “proof of presence” for every publish, including those that come from non-interactive CI/CD workflows and trusted publishing with OpenID Connect (OIDC) authentication.

Before using staged publishing, package maintainers have to meet the following criteria:

  • Have publish access to the package
  • Package already exists on the npm registry, meaning a brand new package cannot be staged
  • 2FA is enabled for the account

Developers can run “npm stage publish” from the root directory of the package to submit a version to the staging area; the command requires npm CLI 11.15.0 or newer. For the strongest protection, GitHub recommends pairing staged publishing with trusted publishing using OIDC, so that the CI/CD pipeline can upload a tarball but cannot make it installable without a 2FA-backed human approval.


A second update focused on npm relates to the introduction of three new install source flags alongside the existing --allow-git flag:

  • --allow-file: Controls installs from local file paths and local tarballs
  • --allow-remote: Controls installs from remote URLs, including https tarballs
  • --allow-directory: Controls installs from local directories

The flags allow developers to “apply the same explicit-allowlist approach to every non-registry install source,” GitHub said.
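Before turning these allowlist flags on in a build, a practitioner wants to know which non-registry sources a project actually pulls from. The script below is an added example, not npm's own code: it classifies every dependency specifier in a package.json as registry, git, local tarball, local directory or remote URL, and reports which allow flags an install of that project would need. The package.json it reads is constructed for the example. Mapping local tarballs to --allow-file and local directories to --allow-directory follows the descriptions above but is this example's assumption, as is treating an https URL on a well-known git host (or ending in .git) as a git source rather than a remote tarball.

```javascript
// Added example (not npm's code): audit a package.json for non-registry
// install sources and map each to the npm allowlist flag it would need.
// The flag mapping below is an assumption made for this example.
const FLAG_FOR_SOURCE = {
  git: '--allow-git',
  file: '--allow-file',          // local tarball (.tgz/.tar.gz/.tar)
  remote: '--allow-remote',      // http(s) tarball URL
  directory: '--allow-directory' // local directory
};

const TARBALL_RE = /\.(tgz|tar\.gz|tar)$/i;
const GIT_URL_RE = /^git(\+(ssh|https?|file))?:\/\//i;      // git://, git+ssh://, git+https://
const GIT_HOST_PREFIX_RE = /^(github|gitlab|bitbucket|gist):/i; // github:owner/repo
const GIT_SHORTHAND_RE = /^[\w.-]+\/[\w.-]+(#.*)?$/;         // owner/repo[#ref]
const LOCAL_PATH_RE = /^(\.\.?\/|\/|~\/)/;                    // ./ ../ / ~/
const REMOTE_URL_RE = /^https?:\/\//i;
const GIT_HOSTS = new Set(['github.com', 'gitlab.com', 'bitbucket.org']);

// Classify one dependency specifier (the value side of a dependencies entry).
function classifySpec(spec) {
  const s = String(spec).trim();
  if (s.startsWith('npm:')) return 'registry';               // alias of a registry package
  if (GIT_URL_RE.test(s) || GIT_HOST_PREFIX_RE.test(s)) return 'git';
  if (REMOTE_URL_RE.test(s)) {
    let host = '';
    try { host = new URL(s).hostname; } catch (e) { /* malformed URL: treat as remote */ }
    return GIT_HOSTS.has(host) || /\.git(#.*)?$/.test(s) ? 'git' : 'remote';
  }
  let path = null;
  if (s.startsWith('file:')) path = s.slice('file:'.length);
  else if (LOCAL_PATH_RE.test(s)) path = s;
  if (path !== null) return TARBALL_RE.test(path) ? 'file' : 'directory';
  // Checked after local paths so "./a/b" is never read as an owner/repo shorthand.
  if (GIT_SHORTHAND_RE.test(s)) return 'git';
  return 'registry';                                          // semver range or dist-tag
}

// Return every dependency that does not resolve through the registry.
function auditDependencies(pkg) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const source = classifySpec(spec);
      if (source !== 'registry') {
        findings.push({ field, name, spec, source, flag: FLAG_FOR_SOURCE[source] });
      }
    }
  }
  return findings;
}

// The distinct allow flags an `npm install` of this project would need.
function requiredFlags(pkg) {
  return [...new Set(auditDependencies(pkg).map((f) => f.flag))].sort();
}

// Constructed sample package.json; names and URLs are placeholders.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'example-app',
  version: '1.0.0',
  dependencies: {
    express: '^4.19.0',
    'left-pad-alias': 'npm:left-pad@^1.3.0',
    'internal-utils': 'file:../internal-utils',
    'vendored-lib': 'file:./vendor/vendored-lib-2.0.0.tgz',
    'hotfix-parser': 'github:example-org/parser#v2.1.0',
    'mirror-build': 'https://mirror.example.test/builds/mirror-build-0.4.1.tgz'
  },
  devDependencies: {
    'lint-rules': 'git+ssh://git@github.com/example-org/lint-rules.git',
    typescript: '~5.4.0'
  }
});

const samplePkg = JSON.parse(SAMPLE_PACKAGE_JSON);
for (const f of auditDependencies(samplePkg)) {
  console.log(`${f.field}.${f.name}: ${f.source} (${f.spec}) -> needs ${f.flag}`);
}
console.log('flags needed for this project:', requiredFlags(samplePkg).join(' '));
```

In a pipeline you would run the audit against the real package.json and fail the build on any finding that is not on an approved list, then pass only the flags that list justifies to `npm install`; a dependency whose source is not expected (a git URL that appeared in a pull request, say) is exactly the kind of change these flags exist to block.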

The development comes amid a massive surge in software supply chain attacks targeting open-source ecosystems over the past few months, with one cybercriminal group known as TeamPCP poisoning popular packages at an unprecedented scale through a self-perpetuating cycle of compromises.



Some parts of this article are sourced from:
thehackernews.com


Copyright © TheCyberSecurity.News, All Rights Reserved.