GitHub's Plan for a More Secure npm Supply Chain
Source: github.blog
Key topics: Supply Chain Security, npm, GitHub
GitHub outlines its plan to improve the security of the npm supply chain, with commenters discussing the challenges of implementing fine-grained access tokens.
Snapshot generated from the HN discussion
Discussion activity
- Story posted: Sep 23, 2025 at 9:01 AM EDT
- First comment: Sep 23, 2025 at 9:11 AM EDT (10m after posting)
- Peak activity: 1 comment in 0-1h
- Latest activity: Sep 23, 2025 at 9:11 AM EDT
ID: 45346445 | Type: story | Last synced: 11/20/2025, 6:30:43 PM
It still needs a Personal Access Token - but many organisations restrict them now, and even bypassing that, the PAT tokens are too broad in their permissions (GitHub CLI being one example).