Tagged articles
21CTO
Sep 24, 2025 · Information Security

How GitHub’s New npm Security Measures Aim to Stop Supply‑Chain Worms

GitHub is tightening npm security by removing infected packages, enforcing two‑factor authentication for publishing, shortening token lifespans, and expanding trusted publishing to curb the Shai‑Hulud worm and protect the open‑source supply chain.

GitHub · Software Security · Two-Factor Authentication