GitHub is finally tightening up security around npm following multiple attacks
techradar.com
- GitHub will enforce 2FA and deprecate legacy tokens to improve package publishing security
- Trusted Publishing will expand, and token-based publishing will be restricted by default
- Shai-Hulud worm breached npm, prompting removal of over 500 compromised packages
Following a number of recent high-profile attacks and hacking attempts, GitHub has decided to make substantial changes to the security of its platform.
In a blog post, GitHub detailed changes to authentication and publishing, set to go live “in the near future”, with the aim of hardening package publication.
The announcement notes authentication and publishing options will be changed to include local publishing with required 2FA, granular tokens with a seven-day expiration date, and Trusted Publishing.


Extra authentication and protection
Furthermore, GitHub announced it would ...
Copyright of this story solely belongs to techradar.com.