The CISO Brief
Cyber Updates

GitHub Strengthens Supply Chain Security Amid NPM Hack Surge

By Staff Writer, September 23, 2025 (updated October 25, 2025)

Top Highlights

  1. Commitment to Security: GitHub is enhancing NPM supply chain security following recent attacks, particularly a self-replicating malware and a social engineering incident involving notable developers.

  2. New Security Measures: Future package publications will require two-factor authentication, introduce short-lived granular tokens, and implement the Trusted Publishers authentication method to mitigate risks.

  3. Comprehensive Changes Ahead: GitHub plans to phase out legacy tokens, replace time-based one-time passwords with FIDO-based 2FA, and broaden the range of eligible providers for trusted publishing while gradually rolling out these updates.

  4. Expert Consensus: While these changes mark progress in NPM security, experts emphasize the need for a more holistic security approach, as current measures alone may not suffice to combat increasingly sophisticated cyber threats.


GitHub this week committed to a more secure NPM supply chain in the wake of a handful of attacks causing widespread compromise.

On Sept. 22, GitHub senior director of security research Xavier René-Corail published a blog post on GitHub's site addressing the surge in attacks that abuse package registries, specifically NPM packages. The post comes in the wake of two major supply chain attacks involving NPM packages this past month: the self-replicating Shai-Hulud malware campaign and a social engineering attack against prolific developer Qix.

In the case of Shai-Hulud, an infostealing malware that embedded itself in poisoned NPM packages and could steal secrets, including NPM tokens, GitHub said the worm could have resulted in an endless stream of attacks if the security industry didn't take swift action. For its part, the company said it immediately removed more than 500 compromised packages and blocked new packages containing the malware's indicators of compromise.

In addition to these actions, GitHub said it would take steps to harden the NPM supply chain and make package publication more secure.

GitHub Aims to Secure NPM Supply Chain

GitHub highlighted three core changes. Going forward, local package publishing by the open source community will require two-factor authentication, granular access tokens will expire after seven days, and publishing will use the Trusted Publishers authentication method.


“Trusted publishing is a recommended security capability by the OpenSSF Securing Software Repositories Working Group as it removes the need to securely manage an API token in the build system,” the blog post read. “It was pioneered by PyPI in April 2023 as a way to get API tokens out of build pipelines. Since then, trusted publishing has been added to RubyGems (December 2023), crates.io (July 2025), npm (also July 2025), and most recently NuGet (September 2025), as well as other package repositories.”

GitHub, which is a subsidiary of Microsoft, will also deprecate legacy classic tokens, deprecate time-based one-time passwords (TOTP) in favor of FIDO-based two-factor authentication, place further limits on granular tokens and disallow tokens by default, remove the option to bypass 2FA for local package publishing, and expand the list of eligible providers for trusted publishing.

“We recognize that some of the security changes we are making may require updates to your workflows,” René-Corail wrote. “We are going to roll these changes out gradually to ensure we minimize disruption while strengthening the security posture of npm. We’re committed to supporting you through this transition and will provide future updates with clear timelines, documentation, migration guides, and support channels.”


GitHub encouraged NPM maintainers to consider using npm trusted publishing instead of tokens, to strengthen publishing settings to require 2FA, and to use WebAuthn instead of TOTP when configuring 2FA.
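The trusted-publishing recommendation above, shown as an added GitHub Actions workflow that is not part of the GitHub post or of any project it names: the job requests a short-lived OIDC token from GitHub and npm exchanges it for a publish credential, so no long-lived NPM token is stored in the repository. It assumes the package has already been registered on npmjs.com with this repository and this workflow file name as its trusted publisher, and that the runner's npm CLI supports OIDC trusted publishing.

```yaml
# Added example, not from the original post. Assumed file name:
# .github/workflows/publish.yml (the file name must match the trusted
# publisher configured for the package on npmjs.com).
name: publish

on:
  release:
    types: [published]

# Least privilege for the whole workflow; jobs add only what they need.
permissions:
  contents: read

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Lets this job mint a GitHub OIDC token; npm verifies the token's
      # repository and workflow claims against the trusted publisher
      # registered for the package, then issues a per-run publish credential.
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          # Node 24 bundles an npm 11.x CLI, which supports OIDC trusted publishing.
          node-version: 24
      - run: npm ci
      - run: npm test
      # The token-based form this replaces kept a durable secret in the repo:
      #   - run: npm publish
      #     env:
      #       NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      # With trusted publishing there is no stored token for a compromised
      # dependency, runner or maintainer account to exfiltrate and reuse later.
      - run: npm publish
```

If the workflow file name, repository or organization differs from what was registered on npmjs.com, npm rejects the publish, which is the check that stops a workflow elsewhere from impersonating the release pipeline.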

Mike McGuire, senior security solutions manager at Black Duck, tells Dark Reading that GitHub’s changes mark “an important step forward” for NPM security, addressing the problems of weak authentication and overly broad, long-lived tokens.

“By enforcing modern 2FA and adopting granular, short-lived tokens, GitHub is raising the bar for attackers and closing off some of the paths that enabled incidents like the Qix compromise and Shai-Hulud,” McGuire says. “That said, no single change will fully prevent these types of attacks. Package registries are only one part of the open source software supply chain, and attackers are increasingly creative in finding ways to compromise popular projects.”

A Promising Step, But Is It Enough?

Although all security enhancements are appreciated, time will tell how they fare against future threat campaigns similar to Shai-Hulud.


Michael Freeman, head of threat intelligence at Armis, tells Dark Reading that GitHub’s recommended actions are steps in the right direction, but small ones. Freeman argues a more comprehensive security process will be needed to make lasting changes, including static and dynamic analysis (SAST/DAST), enforcing reproducible builds to ensure source equals artifact, real-time monitoring of suspicious registry activity and abnormal uploads, and more.

Danny Allan, chief technology officer at Snyk, similarly calls GitHub’s actions a “welcome step forward” but notes the sophisticated ways threat actors target repositories. “They add stronger controls against maintainer account compromise and worm-style propagation,” Allan says. “But this is not a silver bullet. Attacks like Shai-Hulud and Qix exploited far more than just stolen tokens, from compromised maintainers and typosquatting to malicious code injections. And today, attackers are increasingly using AI to automate and scale those attacks. Token changes alone don’t stop developers downstream from unknowingly installing already-compromised packages.”

Staff Writer
John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.