
GitHub Introduces New Security Controls for npm to Enhance Software Supply Chain Protection
Tags: Software Supply Chain, Cybersecurity, Authentication, Package Management
GitHub has introduced new security controls for npm to strengthen software supply chain protection, including a feature called staged publishing that is now generally available. With staged publishing, a newly published package version is not immediately installable by the public: a maintainer must explicitly approve the release first, and that approval requires completing a two-factor authentication (2FA) challenge, so a human holding the second factor is in the loop before the version goes live. The control is intended to mitigate supply chain attacks by preventing unauthorized or malicious package modifications from being distributed to installers without a maintainer's sign-off. No specific dates, CVE IDs, or numerical impact metrics were provided in the reported details. The changes apply to npm, the widely used JavaScript package registry.