GitHub has introduced a major security upgrade to the npm ecosystem with the general availability of staged publishing and new install-time controls, aimed at reducing automated supply chain attacks targeting open-source packages. The newly released staged publishing feature changes how npm packages are published and distributed. Instead of immediately making a package available after publishing, […]
The post GitHub Adds Staged Publishing to npm to Block Automated Supply Chain Attacks appeared first on Cyber Security News.