GitHub to Update npm to Thwart Software Supply Chain Attacks
NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts
Read the full articleYou might also wanna read
NPM Security Best Practices Guide for Preventing Supply Chain Attacks
A list to stay safe from NPM supply chain attacks. Contribute to bodadotsh/npm-security-best-practices development by creating an account on

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, the JavaScript ecosystem faced one of its most disruptive security events to date: a coordinated software supply-chain at
GitHub Actions' Package Manager Lacks Critical Security Features
GitHub Actions has a package manager that ignores decades of supply chain security best practices: no lockfile, no integrity verification, n
npm to Implement Staged Publishing as Security Response to Supply Chain Attacks
The planned feature introduces a review step before releases go live, following the Shai-Hulud attacks and a rocky migration off classic tok

Understanding filesystem takeover vulnerabilities in npm JavaScript package manager
On the 11th of December, 2019 a security vulnerability which extends to all major JavaScript package managers (npm, yarn and pnpm) was publi
npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular acce

Comments
Sign in to join the conversation.
No comments yet. Be the first.