npm adds MFA-gated hold before packages go live
Key insights
- npm's staged publishing requires explicit MFA-verified approval before any package version becomes publicly visible in the registry.
- The feature launched as a direct response to the Shai-Hulud supply chain attack wave that compromised thousands of packages recently.
- This is the most significant structural defense added to npm's publishing pipeline since the introduction of trusted publishing.
Why this matters
Supply chain attacks targeting npm have historically caused outsized damage because a single compromised package can poison thousands of downstream projects before detection, so gating publication behind MFA approval shrinks the blast radius significantly. For founders and technical leaders shipping software that depends on the npm ecosystem, staged publishing changes the risk calculus for accepting third-party dependencies, since malicious publishes now require compromising both credentials and a second authentication factor. The Shai-Hulud attacks that prompted this change are still recent, meaning the threat actors are active and the urgency for teams to understand and adopt this mechanism is immediate rather than theoretical.
Summary
npm has shipped staged publishing, a structural change to how packages reach the public registry that inserts a mandatory review window requiring MFA-verified maintainer approval before any release propagates downstream. The move comes directly after the Shai-Hulud wave of supply chain attacks compromised thousands of packages in recent weeks, making it the most consequential change to npm's publishing pipeline since trusted publishing landed.
The mechanism works by holding a newly published package in a pre-public state until the maintainer explicitly approves the release through a second MFA-authenticated action. Downstream consumers see nothing until that gate clears, giving maintainers a window to catch injected code or accidental credential leaks before the damage spreads.
Essentially, npm and GitHub are shifting supply chain defense left into the publishing step itself rather than relying on post-publication detection.
- Staged publishing is a direct response to Shai-Hulud, which compromised packages at scale in the weeks before this launch.
- The MFA gate is mandatory for staged releases, closing the gap that let attackers publish silently with stolen credentials.
- Full documentation is live at docs.npmjs.com, suggesting the feature is generally available rather than gated to select maintainers.
With millions of packages depending on npm's registry, hardening the publish step is a more durable fix than downstream scanning alone.
Potential risks and opportunities
Risks
- Large organizations with fully automated npm publishing pipelines (Vercel, Netlify, major enterprise monorepo operators) may face broken releases if their CI tokens lack MFA capability and no migration path is provided before enforcement.
- Attackers who already hold valid MFA-enrolled maintainer credentials from the Shai-Hulud campaign could still clear the staged gate, meaning the defense fails against the most sophisticated credential-theft scenarios already in play.
- If staged publishing increases friction enough that maintainers abandon it or misconfigure the hold window, npm risks a fragmented registry where high-risk unreviewed packages and reviewed packages coexist without clear signaling to consumers.
Opportunities
- Supply chain security vendors (Chainguard, Socket.dev, Snyk) can position hardened package mirrors and real-time publish monitoring as complementary layers to staged publishing, targeting the enterprise accounts most exposed by Shai-Hulud.
- CI/CD platform providers (GitHub Actions, CircleCI, Buildkite) have a clear opening to ship native staged-publishing integrations that handle MFA handoffs inside automated pipelines, removing the adoption friction for large teams.
- Security-focused npm alternatives and private registry operators (Verdaccio, JFrog Artifactory, AWS CodeArtifact) gain a conversation-starter with enterprises that now want on-premise control over the staged approval gate rather than trusting npm's hosted infrastructure.
What we don't know yet
- Whether staged publishing is opt-in per package or enforced registry-wide, and what the rollout timeline is for mandatory adoption across existing high-download packages.
- How the MFA-gated hold period interacts with automated CI/CD publishing pipelines that use token-based authentication rather than human-in-the-loop approval flows.
- Which specific packages or maintainer accounts were confirmed compromised in the Shai-Hulud wave, and whether those maintainers have been notified to rotate credentials before using staged publishing.
Originally reported by npmjs.com
Original headline: npm Launches Staged Publishing — MFA-Gated Review Window Before Packages Reach the Public Registry