T1195.001 Compromise Software Dependencies and Development Tools
88%
"Decoding the GitHub recommendations for npm maintainers: the open source package distribution ecosystem in general has seen an increase in both velocity and severity of targeted attacks (both attempted and successful) over the past few years. The npm ecosystem in particular has …"
T1556.006 Multi-Factor Authentication
73%
"front: regardless of implementation details, the whole advice here is to stop relying on passwords to keep the barbarian hordes at bay. The reality is that attackers are increasingly targeting software package maintainers' accounts directly, and while passwords are a good and n…"
T1195.001 Compromise Software Dependencies and Development Tools
71%
"about removing some of the most fragile assumptions that have underpinned the npm ecosystem for years. Long-lived tokens, password-centric authentication, and manually managed secrets have served us well enough in calmer times, but the landscape has changed. Trusted publishin…"
Summary
This blog post explores the rationale and implementation behind GitHub's security recommendations for npm maintainers following numerous high-profile supply-chain incidents. It details how hardening publishing infrastructure through trusted publishing, enforced two-factor authentication, and WebAuthn-based protocols can meaningfully increase the resilience of the ecosystem.
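To make the "long-lived tokens" point concrete, the following is an added example, not code from the GitHub post, from npm, or from any project it describes. It contrasts a GitHub Actions publish job that relies on a stored npm automation token with one that uses npm trusted publishing over the workflow's OIDC identity. The workflow names, tag pattern, Node version and the `release` environment are placeholders; it assumes the package's trusted publisher has already been configured on npmjs.com to point at this repository and workflow file, and that the npm CLI in the runner is recent enough to support trusted publishing.

```yaml
# Added example: the same package published two ways from GitHub Actions.
# Placeholder names throughout; these would live as two separate files under
# .github/workflows/. Assumes the package's trusted publisher (repository +
# workflow filename, optional environment) is already set on npmjs.com.

# --- BEFORE: long-lived automation token stored as a repository secret ------
# Anyone who can read NPM_TOKEN, or lift it from a compromised build step,
# can publish as the maintainer from anywhere until the token is revoked.
name: publish-with-token
on:
  push:
    tags: ['v*']
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org
      - run: npm ci
      - run: npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}   # the fragile assumption

---
# --- AFTER: trusted publishing via the workflow's OIDC identity --------------
# No registry secret in the repository at all. The job is granted
# id-token: write, so it can request a short-lived OIDC token that the
# registry accepts only if the repository, workflow file and (optionally)
# environment match the package's trusted-publisher configuration.
# --provenance additionally records which commit and run built the tarball.
name: publish-trusted
on:
  push:
    tags: ['v*']
permissions:
  contents: read
  id-token: write          # required for OIDC; deliberately absent above
jobs:
  publish:
    runs-on: ubuntu-latest
    environment: release   # placeholder; lets required reviewers gate a publish
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org
      - run: npm ci
      - run: npm publish --provenance --access public   # no NODE_AUTH_TOKEN
```

The second workflow removes the secret rather than rotating it: there is nothing in the repository's secret store for an attacker to exfiltrate, and a credential minted for one run cannot be replayed from a developer laptop or a different repository. For the per-maintainer side of the recommendations, the two-factor requirement can be switched on from the CLI with `npm profile enable-2fa auth-and-writes`, which demands a second factor for both login and publish; registering a WebAuthn factor (security key or passkey) on the account instead of a TOTP app is what turns that requirement into phishing resistance.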