
Staged publishing and new install-time controls for npm


Today we’re shipping two updates focused on supply-chain security for npm:

- Staged publishing is generally available.
- New --allow-* install source flags (--allow-file, --allow-remote, --allow-directory) complement the existing --allow-git flag.

Both…
