Bleeping Computer

GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI

GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on ...
Bleeping Computer

GitHub introduces 2FA and quality of life improvements for npm

GitHub has announced the general availability of three significant improvements to npm (Node Package Manager), aiming to make using the software more secure and manageable. In summary, the new ...
heise online

After major npm attack: Github tightens security measures

GitHub has unveiled a comprehensive plan to improve npm (Node Package Manager) security. The measures are a direct response to the major npm attack in mid-September, in which self-replicating malware ...
Dark Reading

GitHub Aims to Secure Supply Chain as NPM Hacks Ramp Up

GitHub this week committed to a more secure NPM supply chain in the wake of a handful of attacks causing widespread compromise. On Sept. 22, GitHub senior director of security research Xavier ...
SD Times

GitHub details upcoming changes to improve security in wake of Shai-Hulud worm in npm ecosystem

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
TechRepublic

How GitHub Is Securing the Software Supply Chain

A surge in supply chain attacks has put open-source software risk, prompting GitHub to strengthen security across its npm ecosystem. The company, which operates the world’s largest code repository, is ...