The Axios npm compromise — caused by a social engineering attack that hijacked a maintainer's live browser session — exposes a critical flaw in npm's 'trusted publishing' model. Provenance attestation via Sigstore/OIDC only verifies who published a package, not whether that person was in control of their machine. The author, who was personally targeted by the same campaign, argues that provenance gives malicious packages a trustworthy signature, making it worse than useless in identity-level compromise scenarios. Proposed mitigations include: configurable release delay windows (minimumReleaseAge, already in npm 11.11.0 and pnpm), anomaly detection for suspicious publish sessions, and dual-control publishing requirements for high-impact packages. The OpenAI certificate rotation incident is cited as a real-world consequence of over-relying on provenance without these additional controls.
Table of contents

What Just Happened
And I'm Not Speaking Theoretically
The Problem with Provenance
The OpenAI Fallout
What We Actually Need
The Bottom Line