GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation.

Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/05/npm-adds-2fa-gated-publishing-and.html