GitHub moves to tighten npm security amid phishing, malware plague
Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.…
#theregister #IT
https://go.theregister.com/feed/www.theregister.com/2025/09/23/github_npm_registry_security/
The Register
npub10c…f4lpy
2025-09-23 13:25:04 UTC
Author Public Key
npub10czyvexf06s7m58632xn8ddk5pe5arkw8vfxsp7qzw3petnx009saf4lpySeen on
wss://relay.momostr.pinkPublished at
2025-09-23 13:25:04 UTCEvent JSON
{
"id": "bdffca43471bfc2a1f5af76b0e1c2acc6adbc5772cde61cf529f2f1c878dd47c",
"pubkey": "7e044664c97ea1edd0fa8a8d33b5b6a0734e8ece3b126807c013a21cae667bcb",
"created_at": 1758633904,
"kind": 1,
"tags": [
[
"t",
"it"
],
[
"t",
"theregister"
],
[
"proxy",
"https://geeknews.chat/@theregister/115253831558260102",
"web"
],
[
"proxy",
"https://geeknews.chat/users/theregister/statuses/115253831558260102",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://geeknews.chat/users/theregister/statuses/115253831558260102",
"pink.momostr"
],
[
"-"
]
],
"content": "GitHub moves to tighten npm security amid phishing, malware plague\n\nHundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.…\n#theregister #IT\nhttps://go.theregister.com/feed/www.theregister.com/2025/09/23/github_npm_registry_security/",
"sig": "6a7acbb09babd0a32b37cd86063c920792f16828ec8787e66752f390a05b3b10510bbf50234074d6f68bedc884fa30961dd27003a75703deee5d4d891d4912de"
}