#trusted-publishing

#npm
from SecurityWeek
2 days ago
Node JS

GitHub Boosting Security in Response to NPM Supply Chain Attacks

GitHub will require two-factor authentication for local NPM publishing and deploy short-lived, granular tokens plus trusted publishing to mitigate NPM supply-chain attacks.
from The Register
3 days ago
Information security

GitHub to remove weak security options for npm registry

GitHub is tightening npm publishing security by removing legacy authentication, shortening token lifetimes, enforcing 2FA, and shifting to trusted publishing with short-lived tokens.