npm Adds 2FA Staged Publishing to Fight Supply Chain Hacks

GitHub has made npm staged publishing generally available, requiring maintainers to pass a 2FA approval before a package version becomes installable, plus new install-time controls.

npm Adds 2FA Staged Publishing to Fight Supply Chain Hacks

GitHub adds npm staged publishing with 2FA approval to fight supply chain attacks

GitHub has rolled out new controls for the npm registry designed to blunt the surge in software supply chain attacks, requiring a human maintainer to clear a two-factor authentication (2FA) challenge before a package version becomes installable. The feature, called staged publishing, is now generally available and marks one of the most significant changes to how npm packages reach developers.

How staged publishing works

Rather than pushing a release straight to consumers, staged publishing uploads the prebuilt tarball to a staging queue where a maintainer must explicitly approve it before it lands on npmjs.com. GitHub says the change guarantees "proof of presence" for every publish, including those originating from non-interactive CI/CD pipelines and trusted publishing that relies on OpenID Connect (OIDC) authentication.

To use the feature, maintainers need publish access to a package that already exists on the registry, and 2FA must be enabled on the account; brand-new packages cannot be staged. Developers run "npm stage publish" from the package root after updating to npm CLI 11.15.0 or later, and GitHub recommends pairing it with trusted publishing via OIDC for the strongest protection.

New install-time guardrails

A second update introduces three install-source flags alongside the existing allow-git option: allow-file for local paths and tarballs, allow-remote for remote URLs including HTTPS tarballs, and allow-directory for local directories. Together they let teams apply an explicit allowlist approach to every non-registry install source, narrowing the avenues attackers can use to slip malicious code into a build.

Why it matters for developers

The two changes target a recurring weakness: automated publishing flows that can push compromised code the moment an attacker steals a token or hijacks a pipeline. By forcing a deliberate human approval step and tightening where packages can be installed from, GitHub raises the cost of automated, large-scale poisoning. Teams that maintain widely depended-on packages stand to benefit most, though the controls add friction that some fast-moving projects will need to plan around.

A response to escalating threats

The Microsoft-owned subsidiary is reacting to a sharp rise in attacks on open-source ecosystems. Campaigns such as the Megalodon assault on GitHub Actions and the TeamPCP package-poisoning spree have shown how quickly compromised credentials can cascade through dependencies. Defenders have also leaned on takedowns and disruptions, including Microsoft's action against a malware-signing service, to slow the tide.

Reporting based on coverage from The Hacker News and GitHub.

Category: Cyber Security

Tags: Open Source AI Security Cybersecurity Supply Chain

Related Articles