Npm registry sets stage for more secure package publishing
Jump to main content
Search
REG AD
AI + ML
Npm registry sets stage for more secure package publishing
All the world's a stage, and all the packages are merely players
Thomas Claburn
Thomas<br>Claburn
Senior reporter
Published<br>thu 21 May 2026 // 20:54 UTC
GitHub's npm package registry has rolled out a publishing approval step to prevent the distribution of compromised packages before they can poison the software supply chain.<br>Modern software development relies on imported bundles of code known as packages (and sometimes libraries or modules). In the past decade or so, miscreants have focused on gaining access to the accounts of package maintainers. Subverting a widely used package offers a fast track to malware distribution.<br>Last December, amid the Shai-Hulud 2.0 campaign that compromised software packages, GitHub described a series of planned security measures intended to harden security for npm package publishers.
REG AD
One of the measures, staged publishing, has now been implemented. GitHub on Wednesday merged npm stage into npm CLI (v11.15.0) and has updated the registry documentation that describes the process.
REG AD
Staged publishing might also be called gated publishing – it requires a project maintainer to approve changes to a package that has been staged for release. It's been under discussion since 2020.
MORE CONTEXT
AI is getting expensive, but relief is on the way - just not for you
Deus ex machina: Half of US Christians trust AI's spiritual advice
Flipper One wants to be the Linux multi-tool in your pocket
Web devs sleeping with the enemy: AI is doing their job and they worry it's after their desk too
"Instead of publishing directly with npm publish, you can submit packages to a staging area with npm stage publish," the documentation explains. "A maintainer must then review and explicitly approve the staged package — with two-factor authentication (2FA) via the CLI or npmjs.com — before it becomes publicly available."<br>This process should have particular value for automated workflows, which typically don't include a way to authorize via 2FA.<br>Automated workflows often rely on tokens for authentication, but these can be copied and stolen.<br>Tokens that remain valid for long periods of time become attractive targets for cyberattackers. That's why GitHub did away with long-lived classic tokens and encouraged the use of short-lived session tokens and permission-limited access tokens for automation.<br>GitHub's discontinuation of classic tokens hasn't gone all that well because short-lived tokens tend to expire at inconvenient times – no one likes having to regenerate tokens every 90 days or less and then go through the reconfiguration process.<br>Staged publishing should make it easier for developers to set up maintainable workflows without burdensome re-authentication rituals. It gives package publishers the option to stage their package via automation and to delay the 2FA approval for publishing at a later date.<br>GitHub offers trusted publishing as a way to establish trust between npm and the developer's CI/CD provider using OpenID Connect (OIDC) authentication. The OIDC mechanism still doesn't work when trying to publish a package for the first time, but together with staged publishing, the software supply chain looks a bit more defensible – so long as developers avail themselves of these tools. ®
npm<br>github<br>ai + ml<br>ai<br>software supply chain security<br>package publishing<br>two-factor authentication
REG AD
DevOps
Threat hunters find Google API keys still usable 23 minutes after deletion
Plenty of time for bad actors to grab data or hit you with a giant bill
Security
HackerOne takes an axe to its bug bounty rewards
Critical flaw payouts slashed by more than 75%
ZTE releases Sustainability Report 2025: driving a new chapter in sustainable development through AI
Through its "All in AI, AI for All" vision, ZTE surpasses climate targets, bridges the global digital divide, and strengthens governance resilience
AI + ML
Deus ex machina: Half of US Christians trust AI's spiritual advice
AI sycophancy + spirituality = uh oh
Columnists
Utah tells porn sites to take the P out of VPNs, and it's their fault that they can't
Governments can't touch VPNs technically or commercially. The mess they'll make if they try will be off the scale
Personal Tech
Flipper One wants to be the Linux multi-tool in your pocket
Not a Zero successor, ARM box aims for openness, but shipping remains the hard part
MOST POPULAR
Security
Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’
Systems
Europe built sovereign clouds to escape US control. Then forgot about the processors
AI + ML
Google users fight for refunds as unauthorized API usage bills soar
Security
America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious...