all InfoSec news
Automatic npm publishing, with GitHub Actions & npm granular tokens
Malware Analysis, News and Indicators - Latest topics malware.news
This week, at long last, GitHub announced granular access tokens for npm. This is a big deal! It's great for security generally, but also particularly useful if you maintain any npm packages, as it removes the main downside of automating npm publishing, by allowing you to give CI jobs only a very limited token instead of full 2FA-free access to your account.
In the past, I've wished for this, because I maintain a fair few npm packages including some …
2fa access access tokens account actions automatic big deal free github github actions great jobs main npm packages publishing security token tokens