{"id":34267,"date":"2021-11-24T15:45:45","date_gmt":"2021-11-24T20:45:45","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=34267"},"modified":"2021-11-24T15:45:45","modified_gmt":"2021-11-24T20:45:45","slug":"githubs-commitment-to-npm-ecosystem-security","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/11\/24\/githubs-commitment-to-npm-ecosystem-security\/","title":{"rendered":"GitHub&rsquo;s Commitment to npm Ecosystem Security"},"content":{"rendered":"<p><a href=\"https:\/\/github.blog\/2021-11-15-githubs-commitment-to-npm-ecosystem-security\/\">Mike Hanley<\/a>:<\/p>\n<blockquote cite=\"https:\/\/github.blog\/2021-11-15-githubs-commitment-to-npm-ecosystem-security\/\">\n<p>Today, we are sharing details of recent incidents on the npm registry, the details of our investigations, and how we&rsquo;re continuing to invest in the security of npm. These investments include the requirement of two-factor authentication (2FA) during authentication for maintainers and admins of popular packages on npm, starting with a cohort of top packages in the first quarter of 2022.<\/p>\n<\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2018\/11\/27\/popular-npm-package-compromised\/\">Popular NPM Package Compromised<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Mike Hanley: Today, we are sharing details of recent incidents on the npm registry, the details of our investigations, and how we&rsquo;re continuing to invest in the security of npm. These investments include the requirement of two-factor authentication (2FA) during authentication for maintainers and admins of popular packages on npm, starting with a cohort of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2021-11-24T20:45:48Z","apple_news_api_id":"a056f3dd-2645-480a-94b8-7d82b6ad5474","apple_news_api_modified_at":"2021-11-24T20:45:48Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AoFbz3SZFSAqUuH2Ctq1UdA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[524,346,1136,71,48,2090],"class_list":["post-34267","post","type-post","status-publish","format-standard","hentry","category-technology","tag-github","tag-javascript","tag-node-js","tag-programming","tag-security","tag-two-factor-authentication-2fa"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/34267","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=34267"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/34267\/revisions"}],"predecessor-version":[{"id":34268,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/34267\/revisions\/34268"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=34267"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=34267"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=34267"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}