[{"data":1,"prerenderedAt":114},["ShallowReactive",2],{"blog-npm-advances-supply-chain-security-with-staged-publishing-and-new-install-time-controls":3},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"tags":11,"cover":16,"body":17,"_type":108,"_id":109,"_source":110,"_file":111,"_stem":112,"_extension":113},"/blog/npm-advances-supply-chain-security-with-staged-publishing-and-new-install-time-controls","blog",false,"","npm Advances Supply-Chain Security with Staged Publishing and New Install-Time Controls","npm releases staged publishing feature and new install source flags to enhance package security and control.","2026-05-23",[12,13,14,15],"npm","security","supply-chain","devtools",true,{"type":18,"children":19,"toc":101},"root",[20,29,35,41,46,52,90,96],{"type":21,"tag":22,"props":23,"children":25},"element","h2",{"id":24},"enhancing-supply-chain-security-in-npm",[26],{"type":27,"value":28},"text","Enhancing Supply-Chain Security in npm",{"type":21,"tag":30,"props":31,"children":32},"p",{},[33],{"type":27,"value":34},"Supply-chain security remains a critical concern for developers managing dependencies. npm’s latest updates focus on strengthening this area by introducing staged publishing and new install-time control flags.",{"type":21,"tag":22,"props":36,"children":38},{"id":37},"staged-publishing-now-generally-available",[39],{"type":27,"value":40},"Staged Publishing Now Generally Available",{"type":21,"tag":30,"props":42,"children":43},{},[44],{"type":27,"value":45},"Staged publishing allows package maintainers to release updates in phases, reducing the risk of exposing users to potentially harmful code. 
By controlling the flow of package versions, maintainers can catch issues early and ensure safer updates.",{"type":21,"tag":22,"props":47,"children":49},{"id":48},"new-allow-flags-for-install-time-controls",[50],{"type":27,"value":51},"New --allow-* Flags for Install-Time Controls",{"type":21,"tag":30,"props":53,"children":54},{},[55,57,64,66,72,74,80,82,88],{"type":27,"value":56},"npm has introduced new ",{"type":21,"tag":58,"props":59,"children":61},"code",{"className":60},[],[62],{"type":27,"value":63},"--allow-file",{"type":27,"value":65},", ",{"type":21,"tag":58,"props":67,"children":69},{"className":68},[],[70],{"type":27,"value":71},"--allow-remote",{"type":27,"value":73},", and ",{"type":21,"tag":58,"props":75,"children":77},{"className":76},[],[78],{"type":27,"value":79},"--allow-directory",{"type":27,"value":81}," flags that complement the pre-existing ",{"type":21,"tag":58,"props":83,"children":85},{"className":84},[],[86],{"type":27,"value":87},"--allow-git",{"type":27,"value":89}," flag. 
These flags give finer-grained control over which install sources are permitted, so developers can enforce stricter policies during package installation. Judging by the flag names, the sources covered are local tarball files, remote tarball URLs, local directories and git repositories, i.e. dependencies that are not resolved through the registry; check the npm CLI documentation for the accepted values and defaults.",{"type":21,"tag":22,"props":91,"children":93},{"id":92},"conclusion",[94],{"type":27,"value":95},"Conclusion",{"type":21,"tag":30,"props":97,"children":98},{},[99],{"type":27,"value":100},"These enhancements mark important strides in securing npm's package ecosystem, helping to protect projects from supply-chain risks through more deliberate publishing and installation practices.",{"title":7,"searchDepth":102,"depth":102,"links":103},2,[104,105,106,107],{"id":24,"depth":102,"text":28},{"id":37,"depth":102,"text":40},{"id":48,"depth":102,"text":51},{"id":92,"depth":102,"text":95},"markdown","content:blog:npm-advances-supply-chain-security-with-staged-publishing-and-new-install-time-controls.md","content","blog/npm-advances-supply-chain-security-with-staged-publishing-and-new-install-time-controls.md","blog/npm-advances-supply-chain-security-with-staged-publishing-and-new-install-time-controls","md",1780039120934]