GitHub Tightens npm Security with Trusted Publishing Amid Supply Chain Attacks
Exploring the Future of Tech, Innovation & Digital Transformation. Passionate about all things cyber, from AI to cybersecurity. Join the journey of discovering tomorrow's digital world today
GitHub announced on Monday that it will soon revamp its authentication and publishing options in response to a surge of supply chain attacks targeting the npm ecosystem, including the high-profile Shai-Hulud incident.
The new measures aim to combat token abuse and self-replicating malware. Key changes include:
Local publishing with mandatory two-factor authentication (2FA)
Granular tokens with a maximum lifetime of seven days
Trusted publishing, which allows secure npm package publishing directly from CI/CD workflows using OpenID Connect (OIDC)
Trusted publishing removes the need for npm tokens and strengthens cryptographic trust. Each publish is authenticated using short-lived, workflow-specific credentials that cannot be exfiltrated or reused. Additionally, the npm CLI will automatically generate and publish provenance attestations for every package.
"Every package published via trusted publishing includes cryptographic proof of its source and build environment," GitHub stated in July 2025. "Users can verify where and how your package was built, increasing trust in your supply chain."
To implement these changes, GitHub plans to:
Deprecate legacy classic tokens
Migrate users from time-based one-time password (TOTP) 2FA to FIDO-based 2FA
Shorten expiration for granular tokens with publishing permissions
Disallow tokens by default for publishing, encouraging trusted publishing or 2FA-enforced local publishing
Remove the option to bypass 2FA for local package publishing
Expand the list of eligible providers for trusted publishing
These measures come after the Shai-Hulud attack, where a self-replicating worm infected hundreds of npm packages, scanning developer machines for sensitive secrets and sending them to an attacker-controlled server.
"By combining self-replication with the ability to steal multiple types of secrets—not just npm tokens—this worm could have enabled an endless stream of attacks if not for timely intervention from GitHub and open source maintainers," explained GitHub’s Xavier René-Corail.
In a related incident, software supply chain security firm Socket discovered a malicious npm package named fezbox, which used steganography in QR codes to harvest browser passwords. The package, which debuted on August 21, 2025, was downloaded 476 times before being removed from npm.
Security researcher Olivia Brown noted, "The threat actor (npm alias janedu) executed a payload within a QR code to steal usernames and passwords from web cookies within the browser."
With these enhanced publishing and authentication protocols, GitHub aims to make the npm ecosystem safer for developers and mitigate the risk of future supply chain attacks.
