npm Strengthens Authentication After Sha1-Hulud, but Supply-Chain Risks Remain

13.02.2026 2 minutes Author: Newsman

In December 2025, npm completed a major authentication overhaul following the Sha1-Hulud incident to reduce supply-chain attack risks. The platform revoked classic long-lived tokens and introduced short-lived session-based credentials with MFA by default. However, npm projects are still exposed to phishing, console compromise, and automation abuse.

Historically, npm relied on classic tokens: long-lived credentials with broad permissions. If such a token was compromised, attackers could publish malicious package versions under a maintainer’s name. This was the core mechanism behind incidents such as Shai-Hulud and the chalk/debug compromise.

In response, npm:

  • revoked all classic tokens;

  • introduced short-lived session tokens (around two hours);

  • made MFA the default for publishing;

  • promoted OIDC Trusted Publishing for CI/CD workflows to eliminate stored secrets.

These steps significantly improve security by limiting credential lifetime and enforcing second-factor verification during sensitive operations.

However, two major issues remain. First, MFA phishing attacks are still viable. If attackers gain console access, even short-lived tokens provide enough time to publish malicious packages. Second, developers can still generate 90-day tokens with MFA bypass enabled — effectively recreating the original risk profile.

If console access equals publish access, the fundamental supply-chain exposure persists.

Security experts also highlight the “build from source” model — compiling packages from verifiable upstream repositories instead of consuming prebuilt npm artifacts. Public incident analysis shows that in 98.5% of malicious package cases, malware was injected only in the published artifact, not the upstream source code. Building from source dramatically reduces attack surface.
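The check that makes "build from source" useful as a control is a file-by-file comparison of the published artifact against a tree rebuilt from the upstream repository. The sketch below is an added example, not code from npm or from the incident analysis cited above; the function names and sample data are hypothetical, and it assumes the package's build is reproducible byte for byte.

```javascript
const { createHash } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest('hex');

// Map { path: content } to Map(path -> SHA-256), dropping an optional prefix.
// npm tarballs nest every entry under "package/", so the published side strips it.
function digestTree(files, prefix = '') {
  const out = new Map();
  for (const [path, content] of Object.entries(files)) {
    const rel = path.startsWith(prefix) ? path.slice(prefix.length) : path;
    out.set(rel, sha256(content));
  }
  return out;
}

// Report every way the published artifact departs from the tree rebuilt from source.
function diffArtifact(publishedFiles, rebuiltFiles) {
  const published = digestTree(publishedFiles, 'package/');
  const rebuilt = digestTree(rebuiltFiles);
  const report = { onlyInArtifact: [], modified: [], missingFromArtifact: [] };
  for (const [path, digest] of published) {
    if (!rebuilt.has(path)) report.onlyInArtifact.push(path);
    else if (rebuilt.get(path) !== digest) report.modified.push(path);
  }
  for (const path of rebuilt.keys()) {
    if (!published.has(path)) report.missingFromArtifact.push(path);
  }
  const lists = Object.values(report);
  lists.forEach((list) => list.sort());
  report.matchesSource = lists.every((list) => list.length === 0);
  return report;
}

// Constructed sample data (not from any real package): file maps as read from a
// local build of the tagged upstream commit and from the unpacked registry tarball.
const rebuiltSample = {
  'package.json': '{"name":"example-pkg","version":"1.2.3","main":"index.js"}',
  'index.js': 'module.exports = (a, b) => a + b;\n',
};
const publishedSample = {
  'package/package.json': '{"name":"example-pkg","version":"1.2.3","main":"extra.js"}',
  'package/index.js': 'module.exports = (a, b) => a + b;\n',
  'package/extra.js': '/* present only in the published artifact */\n',
};

console.log(diffArtifact(publishedSample, rebuiltSample));
```

A report with `matchesSource` set to false is a reason to block the upgrade and inspect the listed files before the version reaches a lockfile.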

Supply-chain attacks targeting npm remain one of the most critical threats in the JavaScript ecosystem. A single compromised package can impact thousands or even millions of downstream projects. Despite authentication improvements, human factors — phishing, social engineering, and weak token management — continue to present systemic risk.

The Swiss cheese security model emphasizes layered defenses: MFA, OIDC, short-lived tokens, release metadata transparency, and verifiable source builds.

npm has taken a meaningful step forward by eliminating permanent tokens and strengthening authentication defaults. Yet as long as MFA and OIDC remain optional and console access enables direct publishing, supply-chain risk persists. Development teams should adopt layered access controls, secure CI/CD pipelines, and consider source-verifiable build strategies to reduce exposure.
