SAN FRANCISCO — GitHub has launched a new set of security upgrades for npm designed to reduce software supply chain attacks, introducing two-factor authentication (2FA)-gated publishing and tighter controls over how packages are installed from non-registry sources.
The changes aim to strengthen trust in open-source software distribution, particularly as supply chain attacks targeting widely used packages continue to rise across the developer ecosystem.
Staged Publishing Adds Human Verification Step
The centerpiece of the update is a new feature called staged publishing, now generally available on npm. Instead of immediately releasing a package after upload, the system places it into a staging queue where it must be explicitly approved by a maintainer.
To complete the release process, maintainers must pass a 2FA verification step, ensuring that every published version is authorized by a human before it becomes publicly available on npmjs.com.
According to GitHub, the system introduces “proof of presence” for each release, even when packages are built or deployed through automated CI/CD pipelines or trusted OpenID Connect (OIDC) workflows.
Developers can initiate the process using the updated npm CLI, which uploads the package to a staging environment rather than publishing it directly. Only approved maintainers can finalize the release.
Eligibility Requirements for Maintainers
To use staged publishing, package maintainers must meet several security conditions, including:
- Verified publish access to the package
- Existing package presence on the npm registry
- Enabled two-factor authentication on their account
Additionally, new packages cannot be staged until they already exist in the registry.
GitHub recommends combining staged publishing with OIDC-based trusted publishing for stronger protection against unauthorized releases.
New Install Controls for Safer Dependencies
Alongside publishing changes, npm has also introduced new install control flags that give developers more granular control over dependency sources outside the official registry.
These include:
--allow-file for local file and tarball installations--allow-remote for remote URL-based installs--allow-directory for installing from local directories
The new flags expand on existing controls and are designed to enforce stricter allowlists for non-registry dependency sources.
Response to Rising Supply Chain Attacks
The security enhancements come amid a surge in software supply chain attacks targeting open-source ecosystems. In recent months, threat actors have increasingly compromised popular packages, injecting malicious code that can propagate across development pipelines and end-user systems.
Security researchers warn that such attacks often rely on trusted dependencies to spread widely before detection, making stronger verification and controlled publishing increasingly critical.
GitHub says the latest npm updates are part of an ongoing effort to secure the open-source ecosystem and reduce the risk of unauthorized or compromised package releases.
