npm 2FA-gated staged publishing GA + install-source restriction flags (supply-chain hardening)

tool · tool:npm-staged-publishing-2fa

Coverage timeline

first 2026-05-24 → last 2026-05-24

Briefs

1 distinct

Sources cited

2 hosts

Sections touched

updates

Co-occurring entities

no co-occurrence

Story timeline

2026-05-24CTI Daily Brief — 2026-05-24
updatesDefensive response to Megalodon/mini-shai-hulud npm waves; --allow-remote/--allow-directory/--allow-file controls

Where this entity is cited

updates1

Source distribution

github.blog1 (50%)
thehackernews.com1 (50%)

All cited sources (2)

Items in briefs about npm 2FA-gated staged publishing GA + install-source restriction flags (supply-chain hardening)

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.