GitHub has rolled out a significant security enhancement for the npm ecosystem by introducing staged publishing and new install-time controls. This update aims to thwart automated supply chain attacks that target open-source packages.
Introduction of Staged Publishing
The newly implemented staged publishing feature alters the traditional npm package distribution method. Instead of instantly making a package available, the prebuilt package tarball is now placed into a staging queue. Only after a human maintainer explicitly approves the package does it become publicly accessible.
This approach adds a crucial security checkpoint, particularly for automated CI/CD workflows that are common targets for supply chain attacks. Even if an attacker infiltrates a pipeline or inserts malicious code, a package can only be released with manual approval.
Key Security Features
The staged publishing system includes mandatory human approval enforced with two-factor authentication (2FA), visibility of staged packages via npm CLI and npmjs.com, and safeguards against unauthorized or automated publishing attempts. It also strengthens proof-of-presence for maintainers during the release process.
This feature is available from npm CLI version 11.15.0 onward. Developers must transition from the standard npm publish command to npm stage publish for staged workflows. GitHub advises combining staged publishing with trusted publishing using OpenID Connect (OIDC), which allows CI/CD systems to place packages in the staging queue without using long-lived credentials.
Enhancements in Install-Time Security
Alongside staged publishing, GitHub has introduced new install-time security flags in npm 11.15.0, offering detailed control over dependency origins. These flags help prevent installations from malicious or unexpected sources by managing where dependencies can be installed from.
The new flags include options for local files, remote URLs, local directories, and Git repositories. These can be set to either all (default) or none and configured through .npmrc or package.json files. This enables developers to implement strict allowlist policies, reducing the risk of dependency confusion or injection attacks.
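Before tightening these settings, it helps to know which dependencies already resolve from outside the registry. The sketch below is an added example, not code from GitHub or npm: it sorts package-lock.json entries into the four origin types named above, plus registry. The sample lockfile, package names, hosts and the registry host allowlist are constructed assumptions.

```javascript
// Constructed sample lockfile (lockfileVersion 3 layout); names and hosts are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-ok": { version: "1.2.3", resolved: "https://registry.npmjs.org/left-ok/-/left-ok-1.2.3.tgz" },
    "node_modules/git-dep": {
      version: "0.1.0",
      resolved: "git+ssh://git@github.com/example/git-dep.git#0123456789abcdef0123456789abcdef01234567",
    },
    "node_modules/url-dep": { version: "2.0.0", resolved: "https://downloads.example.test/url-dep.tgz" },
    "node_modules/tar-dep": { version: "3.0.0", resolved: "file:vendor/tar-dep-3.0.0.tgz" },
    "node_modules/dir-dep": { resolved: "../dir-dep", link: true },
    "../dir-dep": { name: "dir-dep", version: "4.0.0" },
  },
};

// Map one lockfile entry to an origin category.
function classifyOrigin(entry, registryHosts) {
  if (entry.link) return "directory"; // symlinked local directory
  const resolved = entry.resolved || "";
  if (/^(git\+|git:|github:)/i.test(resolved)) return "git";
  if (/^file:/i.test(resolved)) return /\.(tgz|tar\.gz|tar)$/i.test(resolved) ? "file" : "directory";
  if (/^https?:/i.test(resolved)) {
    // Assumption: any http(s) host outside the allowlist counts as a remote URL install.
    try { return registryHosts.has(new URL(resolved).host) ? "registry" : "remote"; }
    catch { return "unknown"; } // malformed URL
  }
  return "unknown"; // no resolved field, e.g. a bundled dependency
}

// Return { category: [lockfile paths] } for every entry installed under node_modules.
function auditLockfile(lock, registryHosts = new Set(["registry.npmjs.org"])) {
  const report = {};
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.includes("node_modules/")) continue; // skip the root project and link targets
    const kind = classifyOrigin(entry, registryHosts);
    (report[kind] ||= []).push(path);
  }
  return report;
}

console.log(auditLockfile(SAMPLE_LOCK));
```

Anything reported outside the registry category is a dependency to review before its origin type is set to none.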
Security Impact and Future Outlook
GitHub has announced that in npm CLI version 12, the default setting for the --allow-git flag will shift from all to none, marking a move towards stricter security defaults. Developers are encouraged to manually apply these restrictions early on.
By setting the flags to block all non-registry installs and allowing only trusted registry packages, organizations can create a highly controlled pipeline environment. Combined with staged publishing, this secures both how packages are published and how they are consumed.
These updates directly tackle common supply chain attack vectors such as malicious code injection in CI/CD pipelines and unauthorized package publishing. With these innovations, GitHub is steering npm toward a zero-trust supply chain model, and organizations are strongly encouraged to upgrade to npm CLI 11.15.0 or later to leverage these protections.
