Shulou(Shulou.com)11/24 Report--

CTOnews.com, April 20, GitHub recently announced that it will improve security, using a new icon on GitHub Actions to mark the npm package, indicating its origin and attaching the appropriate link.

Developers using JavaScript can call thousands of packages through the npm package manager to add a variety of new features and functions to the project.

However, in the process of advancing the project, although developers can find a suitable npm package, they do not know whether the package is built from the source code. By introducing provenance, the npm package can verify traceability.

With regard to GitHub's motivation for this adjustment, CTOnews.com learned from an official press release that attackers have attacked popular npm packages such as UAParser.js, Command-Option-Argument, and rc over the past few years.

These attacks do not directly destroy the source code, but developers who use modified packages that contain malicious ones may affect projects and consumers.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.