npm granular access token invalidation to prevent supply chain attacks #196340
As initially announced on npm’s X channel, npm have invalidated granular access tokens with write access that bypass two-factor authentication.
This action was taken to help prevent supply chain attacks following the pattern of Mini Shai Hulud.
If your automation or CI/CD workflows are failing as a result, please update the stored npm token used by those workflows, then rerun the workflow. If you continue to run into issues or need additional help, please submit a support ticket through npm Support.
We recommend using npm Trusted Publishing to reduce reliance on long-lived access tokens.
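To find which workflows the invalidation affects, the sketch below classifies GitHub Actions workflow text by how its `npm publish` step authenticates. It is an added example, not part of the announcement or npm's tooling; the env names `NODE_AUTH_TOKEN`/`NPM_TOKEN`, the use of `id-token: write` as the marker for OIDC-based publishing, and the sample workflows and secret names are assumptions of the example.

```python
import re

# Heuristics are assumptions of this example, not npm or GitHub tooling:
# a publish step is any `npm publish` call, a stored token is an env entry
# fed from secrets.*, and OIDC publishing needs `id-token: write`.
PUBLISH = re.compile(r"\bnpm\s+publish\b")
TOKEN_ENV = re.compile(
    r"^\s*(?:NODE_AUTH_TOKEN|NPM_TOKEN)\s*:\s*\$\{\{\s*secrets\.(\w+)\s*\}\}", re.M)
OIDC = re.compile(r"^\s*id-token\s*:\s*write\s*$", re.M)

def classify(workflow_text):
    """Return (status, secret_names) for one workflow file's text."""
    # Drop YAML comments so commented-out steps do not count.
    lines = [ln.split(" #", 1)[0] for ln in workflow_text.splitlines()
             if not ln.lstrip().startswith("#")]
    text = "\n".join(lines)
    if not PUBLISH.search(text):
        return ("no-publish", [])
    secrets = sorted(set(TOKEN_ENV.findall(text)))
    if secrets:
        return ("stored-token", secrets)   # rotate this secret or migrate
    if OIDC.search(text):
        return ("oidc", [])                # no long-lived token referenced
    return ("unknown", [])                 # token may come from elsewhere

# Constructed sample workflows (not taken from any real repository).
LEGACY = """\
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
"""
TRUSTED = """\
permissions:
  id-token: write
  contents: read
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm publish
"""

if __name__ == "__main__":
    for name, wf in (("legacy.yml", LEGACY), ("trusted.yml", TRUSTED)):
        print(name, *classify(wf))
```

A `stored-token` result names the repository secret to replace; `unknown` means the publish step authenticates some other way and needs a manual look.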