GitHub yalengeza kutulutsidwa kwa woyang'anira phukusi wa NPM 8.15, wophatikizidwa ndi Node.js ndipo amagwiritsidwa ntchito kugawa ma module a JavaScript. Zadziwika kuti mapaketi opitilira 5 biliyoni amatsitsidwa kudzera pa NPM tsiku lililonse.
Zosintha zazikulu:
- Lamulo latsopano la "audit signature" lawonjezedwa kuti lifufuze kukhulupirika kwa mapaketi omwe adayikidwa, omwe safuna kusinthidwa ndi zida za PGP. Njira yatsopano yotsimikiziranso imachokera pakugwiritsa ntchito siginecha ya digito yozikidwa pa algorithm ya ECDSA komanso kugwiritsa ntchito HSM (Hardware Security Module) pakuwongolera zinthu zazikulu. Maphukusi onse omwe ali munkhokwe ya NPM asayinidwa kale pogwiritsa ntchito chiwembu chatsopanocho.
- Kutsimikizika kwazinthu ziwiri kwalengezedwa kuti kulipo kuti agwiritsidwe ntchito mofala. Onjezani njira yosavuta yolowera ndikusindikiza ku npm CLI, ikuyenda pa msakatuli. Mukatchula njira ya "-auth-type=web", mawonekedwe apaintaneti omwe amatsegulidwa mu msakatuli amagwiritsidwa ntchito kutsimikizira akauntiyo. Magawo agawo amakumbukiridwa. Kuti mukhazikitse gawo, muyenera kutsimikizira imelo yanu pogwiritsa ntchito mawu achinsinsi anthawi imodzi (OTP), ndipo mukamagwira ntchito m'magawo okhazikitsidwa kale, muyenera kungotsimikizira gawo lachiwiri la kutsimikizika kwazinthu ziwiri. Njira yokumbukira imaperekedwa, yomwe imakulolani kuti muthe kufalitsa ntchito mkati mwa mphindi 5 kuchokera pa IP yomweyo komanso ndi chizindikiro chofanana popanda zidziwitso zowonjezera zazinthu ziwiri.
- Kutha kulumikiza maakaunti a GitHub ndi Twitter ku NPM, kukulolani kuti mulumikizane ndi NPM pogwiritsa ntchito akaunti yanu ya GitHub ndi Twitter.
Mapulani ena amatchulanso kuphatikizika kwa kutsimikizika kwazinthu ziwiri kumaakaunti okhudzana ndi mapaketi omwe amatsitsa opitilira 1 miliyoni pa sabata kapena okhala ndi ma phukusi opitilira 500. Pakadali pano, kutsimikizika kwazinthu ziwiri kumangogwiritsidwa ntchito pamaphukusi apamwamba 500.
Source: opennet.ru