GitHub announces latest npm security improvements due to rise in malicious incidents
Microsoft-owned GitHub this week announced its latest npm security improvements, prompted by the rise in incidents involving malicious npm packages.
The latest improvements follow the enhanced login verification for npm accounts announced in March and accompany the mandatory two-factor authentication (2FA) requirement that the code-sharing platform has been rolling out over the past couple of months.
After launching the new two-factor authentication experience in beta, GitHub is now making it available in npm 8.15.0 as an opt-in feature; it will become the default in npm 9.
With the new experience, login and publishing are handled in the browser: users can log in to an existing session by providing only the second factor or an email verification, and can publish multiple times from the same IP address with the same access token without seeing the 2FA prompt again for five minutes.
Developers can also now link their npm accounts to their GitHub and Twitter accounts, via new integrations on both platforms, which simplifies account verification and account recovery.
GitHub says: "We will no longer be showing the previously unverified GitHub or Twitter data on public user profiles, making it possible for developers to audit identities and trust that an account is who they say they are."