Find notable cyber news and cases, enriched with sources, timelines, and signals.

Npm completes authentication overhaul to harden package publishing

Security Tool/Service
First reported
Last updated
Happening score
H score 28
1 unique sources, 1 articles

Summary

Hide ▲

npm completed a major authentication overhaul in December 2025 after the Sha1-Hulud incident, replacing classic tokens with short-lived session tokens and MFA for publishing. The move is meant to reduce supply-chain attacks across the npm / Node.js ecosystem. Residual risk remains because MFA phishing and optional 90-day tokens with MFA bypass can still enable malicious package publication.

Related Happenings

GitHub npm version 12 hardens installs and token management

Security Tool/Service
H score11 First: 09.07.2026 19:49 Last: 09.07.2026 19:49 Sources 1

About this happening: **GitHub** released **npm version 12**, making install-time scripts opt-in by default and tightening **package publishing** controls to reduce **supply-chain risk**. The update al...

GitHub npm GAT publish-token mitigation guidance

Advisory/Mitigation
H score25 First: 09.07.2026 19:49 Last: 09.07.2026 19:49 Sources 1

About this happening: GitHub is steering **npm users** away from **long-lived publish tokens** as **npm GATs** that bypass **2FA** lose direct publishing and sensitive-management abilities. The recomme...

Npm v12 default-blocks install scripts, Git dependencies, and remote URLs

Security Tool/Service
H score11 First: 12.06.2026 16:00 Last: 12.06.2026 16:00 Sources 1

About this happening: GitHub announced **npm v12** with **default-blocking install scripts, Git dependencies, and remote URLs**, shifting package installation to **explicit opt-in** and reducing **supp...

Red Hat npm Namespace Hijacked in Supply Chain hit by cyberattack

Incident
H score13 First: 01.06.2026 20:40 Last: 01.06.2026 20:40 Sources 1

About this happening: **Red Hat's** official npm namespace was hijacked in a **supply chain attack** that republished **32 packages** in the **@redhat-cloud-services** scope on **June 1**; the maliciou...

Laravel Lang organization hit by network compromise

Incident
H score14 First: 23.05.2026 23:48 Last: 23.05.2026 23:48 Sources 1

About this happening: The **Laravel Lang organization** suffered a **repository compromise** that let attackers rewrite **GitHub tags** and ship malicious code through **Composer** installs. The affect...

Timeline

  1. 13.02.2026 12:45 2 articles · 4mo ago

    Initial report: Npm completes authentication overhaul to harden package publishing

    Initial Disclosure

    **npm** began hardening package publishing in **December 2025** by retiring **classic tokens** and shifting toward **session-based authentication**. The initial phase centered on reducing the blast radius of stolen credentials after the **Sha1-Hulud** incident.

    Show sources