GitHub has announced upcoming changes to its authentication and publishing systems for the npm ecosystem in response to a recent wave of supply chain attacks.
The company plans to introduce new security measures aimed at reducing the risks posed by token abuse, credential theft, and malware propagation. Among the changes are the enforcement of two-factor authentication (2FA) for local publishing, the adoption of granular access tokens that expire after seven days, and the expansion of a secure publishing method called Trusted Publishing. The latter approach uses OpenID Connect (OIDC) to enable npm packages to be published directly from continuous integration and delivery (CI/CD) workflows without the need for traditional authentication tokens.
Instead of relying on reusable credentials, Trusted Publishing issues short-lived, workflow-specific credentials tied to the publishing environment. The credentials cannot be exfiltrated or reused, reducing the risk of token theft. Additionally, every package published via Trusted Publishing will include cryptographic provenance attestations, making it possible to verify both the origin and the build environment of the package.
GitHub said it will begin deprecating older, less secure authentication methods. Legacy classic tokens and time-based one-time password (TOTP) 2FA will be phased out in favor of more secure FIDO-based authentication. Tokens with publishing permissions will have shorter expiration periods, and publishing access via tokens will be disabled by default, with a strong push toward Trusted Publishing or 2FA-enforced local publishing. GitHub also plans to expand the list of supported identity providers to make Trusted Publishing accessible to a wider range of development workflows.
GitHub’s announcement follows the Palo Alto Networks Unit 42’s report about Shai-Hulud, a self-replicating worm that infected hundreds of npm packages. The malware scanned infected developer machines for sensitive credentials and sent the stolen data to an attacker-controlled server.
Furthermore, a separate campaign aimed at the npm registry compromised over 40 packages maintained by multiple developers. According to supply chain security firm Socket, the attackers inject malicious JavaScript code into popular npm packages through a tampered publishing function. The affected function (NpmModule.updatePackage) manipulates package tarballs by modifying package.json, injecting a malicious script (bundle.js), and repackaging the archive for redistribution.