{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidqxojbkp5xat6dfyeuteyjnlpaudf4eprainqcvc4rvupf6fiani",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mmkbewxkpcx2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreibqeridleinytim7wou63ssqjpp2y6ypvvend6yempv6w2legk5ee"
    },
    "mimeType": "image/png",
    "size": 687277
  },
  "path": "/2026/05/npm-adds-2fa-gated-publishing-and.html",
  "publishedAt": "2026-05-23T16:35:10.000Z",
  "site": "https://thehackernews.com",
  "textContent": "GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation.\n\nCalled staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve",
  "title": "npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks"
}