GitHub bolsters NPM access control

Published on Dec 08, 2022

NPM package maintainers can now restrict which packages, scopes, and organisations a token has access to with new granular access tokens.

To improve the security of NPM JavaScript packages, GitHub is introducing granular access tokens that allow fine-grained permissions for NPM accounts, and is making the NPM code explorer available for free.

GitHub explained on December 6 that stolen credentials are a major cause of data breaches, and that it is introducing a granular access token type for NPM to help maintainers manage their risk exposure. A granular access token lets NPM package maintainers restrict which packages and scopes a token has access to, grant access to specific organisations, set the token's expiration date, and limit access to specified IP address ranges. Each token can be granted either read-only or read-and-write access. An NPM account can hold up to 50 granular access tokens.

NPM organisation owners can also automate org management using granular access tokens. A token can be used to manage one or more organisations, members, or teams.

The tokens have an expiration date of one year. GitHub reported that fewer than 10% of tokens in NPM are used regularly, leaving many of these tokens inactive unnecessarily, increasing the risk of a long-lived token being compromised. The number of attack vectors can be reduced by rotating tokens regularly and limiting their expirations to the minimum requirements.

The NPM code explorer, on the other hand, allows developers to view the contents of a package directly within the NPM portal. As a result, packages can be scrutinised before being used. Formerly a paid feature, the code explorer is now publicly available for free and has been updated to improve speed and stability. According to GitHub, the code explorer is compatible with nearly all NPM packages.

NPM was acquired by GitHub, which is owned by Microsoft, in 2020. Every month, more than 200 billion NPM packages are downloaded.
