Give Your Dependencies a Rest

As of version 11.10.0 (Feb 2026), NPM can consider the relative age of a package release before installing it, using a new min-release-age config flag.

Limiting package installation based on release age is known as dependency cooldown. It is a low-effort defense against the rise in supply chain attacks.


GitHub SSH Public Key Fingerprint Checking

A security vulnerability was discovered at GitHub back in 2012 that made it possible for an attacker to add new SSH keys to arbitrary GitHub user accounts. Although there was no known malicious activity using this exploit, GitHub took the responsible step of emailing all users who had SSH keys associated with their accounts, asking them to verify and approve those keys before they could be used to clone/pull/push repositories over SSH again.


Checking your DKIM DNS record

Looking to validate a DKIM key? I’ve created an online tool to check and verify DKIM TXT records, and to determine their public key length.

What is DKIM?

DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect sender address forgery (spoofing), which is often used in spam and phishing emails.
