Repost Annotation
To address the recent series of npm poisoning incidents, npm has introduced staged publishing and new install-time controls.
Unlike direct publishing, which immediately makes a package version available to consumers, a prebuilt tarball is uploaded to a staging queue where a maintainer must explicitly approve it before it becomes installable. This queue is visible both on npmjs.com and in the npm CLI.
Main Content (Machine-translated)
Today we’re shipping two updates focused on supply-chain security for npm:
- Staged publishing is generally available.
- New --allow-* install source flags (--allow-file, --allow-remote, --allow-directory) complement the existing --allow-git flag.
Both are available in npm CLI 11.15.0 or newer.
Staged publishing is generally available
Staged publishing is now generally available on npm. Instead of a direct publish that immediately makes a package version available to consumers, the prebuilt tarball is uploaded to a stage queue where a maintainer must explicitly approve it before it becomes installable. The queue is visible both on npmjs.com and in the npm CLI.
Staged publishing reinforces proof of presence on every publish, including those that originate from non-interactive CI/CD workflows and those using trusted publishing with OIDC. A human maintainer with a 2FA challenge is required to approve a staged package before it is released to the registry.
Staged publishing is live today, and so are the docs.
Requirements
- npm CLI 11.15.0 or newer is required to use npm stage.
- Update CI/CD workflows to use npm stage publish instead of npm publish where you want staged behavior.
Recommended setup
We recommend pairing staged publishing with trusted publishing (OIDC). A trusted publishing configuration can be limited to stage-only, which means npm publish from that workflow will be rejected and only npm stage publish is accepted. Your CI workflows continue to run non-interactively, and a maintainer later approves the staged version from the website or the CLI.
You can also run npm stage publish locally, but the highest-value setup is CI publishing to the stage queue and a maintainer approving from a trusted device.
If you already manage trusted publishing configurations in bulk (a capability released in February 2026), you can use it to migrate your packages to staged publishing. Remember to update your CI workflows to the new CLI version and to use npm stage publish.
New install source flags
In npm 11.10.0 we introduced --allow-git to give you control over whether npm install can resolve dependencies from Git sources. Starting in npm 11.15.0, we are adding three more flags so you can apply the same explicit-allowlist approach to every non-registry install source:
- --allow-file: Controls installs from local file paths and local tarballs.
- --allow-remote: Controls installs from remote URLs, including https tarballs.
- --allow-directory: Controls installs from local directories.
- --allow-git (existing): Controls installs from any Git source, including github:, gitlab:, git+ URLs, and bare owner/repo shorthands.
Each flag accepts all (the current default) or none, and can also be set in .npmrc or package.json config.
Learn more by checking out our docs:
- npm install reference (the --allow-file, --allow-remote, and --allow-git variants are on the same page)
- Config reference
As a reminder from the Feb 2026 announcement, --allow-git will change its default from all to none in the next major version of the CLI (v12). The new --allow-file, --allow-remote, and --allow-directory flags are additions in 11.15.0; you can opt into stricter behavior today by setting them to none.
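Before setting any of these flags to none, it helps to know which dependencies in a project actually resolve from a non-registry source, since those installs will start failing. The following script is an added example (not code from the npm blog post or from the npm CLI): it classifies every specifier in a package.json by the install source it resolves from, groups them under the --allow-* flag that governs them, and proposes .npmrc lines that lock every unused source to none. The specifier-to-source mapping, the treatment of plain https URLs ending in .git as Git sources, and the .npmrc key names (the flag name without leading dashes, e.g. allow-git=none) are assumptions made for the example; the sample package.json and its package names and URLs are constructed.

```javascript
// Added example, not code from the npm blog post or the npm CLI. It walks a
// package.json and reports which dependency specifiers resolve from a
// non-registry source, grouped by the --allow-* flag that governs them, then
// proposes .npmrc lines that set every unused source to "none".
//
// Assumptions (not stated on the page): the specifier-to-source mapping below
// mirrors npm-package-arg's git/remote/file/directory types; the .npmrc keys are
// the flag names without the leading dashes (allow-git=none etc.); an https URL
// is treated as git only when it ends in .git, otherwise as a remote tarball.

const SOURCE_FLAG = {
  git: '--allow-git',
  remote: '--allow-remote',
  file: '--allow-file',
  directory: '--allow-directory',
};

// Classify one dependency specifier as 'registry', 'git', 'remote', 'file'
// (local tarball) or 'directory' (local folder).
function classifySpec(spec) {
  const s = String(spec).trim();
  // Explicit git protocols and hosted shorthands.
  if (/^(git\+|git:|github:|gitlab:|bitbucket:|gist:)/i.test(s)) return 'git';
  // Plain http(s): a .git URL is a clone, anything else is a remote tarball.
  if (/^https?:\/\//i.test(s)) return /\.git(#.*)?$/i.test(s) ? 'git' : 'remote';
  // Local paths: file: URLs, relative and absolute paths, ~/ paths.
  if (/^(file:|\.\.?\/|\/|~\/)/.test(s)) {
    const path = s.replace(/^file:(\/\/)?/, '');
    return /\.(tgz|tar\.gz|tar)$/i.test(path) ? 'file' : 'directory';
  }
  // npm: aliases point at the registry and must be checked before the
  // owner/repo test because scoped aliases contain a slash.
  if (/^npm:/i.test(s)) return 'registry';
  // Bare owner/repo (optionally #ref) is the GitHub shorthand.
  if (/^[\w.-]+\/[\w.-]+(#.*)?$/.test(s)) return 'git';
  // Versions, ranges and dist-tags all resolve through the registry.
  return 'registry';
}

// Group every non-registry dependency under the flag it needs. Scans the
// dependency fields listed below; extend the list if your project uses others.
function auditInstallSources(pkg) {
  const byFlag = {};
  for (const flag of Object.values(SOURCE_FLAG)) byFlag[flag] = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const kind = classifySpec(spec);
      if (kind !== 'registry') byFlag[SOURCE_FLAG[kind]].push({ field, name, spec });
    }
  }
  return byFlag;
}

// Propose .npmrc settings: "none" for every source the project does not use,
// so a git/file/remote dependency that sneaks in later fails the install
// instead of being fetched silently; "all" (the current default) where needed.
function recommendNpmrc(byFlag) {
  return Object.entries(byFlag).map(
    ([flag, uses]) => `${flag.replace(/^--/, '')}=${uses.length ? 'all' : 'none'}`,
  );
}

// Constructed sample input; the package names and URLs are made up.
const SAMPLE_PACKAGE_JSON = {
  name: 'sample-app',
  dependencies: {
    express: '^4.18.0',
    lodash: 'latest',
    'my-alias': 'npm:@scope/real-name@^2.0.0',
    'left-pad': 'github:left-pad/left-pad',
    'shorthand-dep': 'someone/repo#v1.0.0',
    'tarball-dep': 'https://example.invalid/pkg-1.0.0.tgz',
  },
  devDependencies: {
    'local-tool': 'file:../tools/local-tool',
    vendored: 'file:vendor/vendored-2.1.0.tgz',
  },
};

const report = auditInstallSources(SAMPLE_PACKAGE_JSON);
for (const [flag, uses] of Object.entries(report)) {
  const list = uses.map((u) => `${u.name} (${u.spec})`).join(', ');
  console.log(`${flag}: ${list || 'unused'}`);
}
console.log(recommendNpmrc(report).join('\n'));
```

Run it against a real package.json by replacing SAMPLE_PACKAGE_JSON with the parsed file; any flag reported as unused can be set to none today, and the ones still at all are the dependencies to migrate to the registry before the v12 default for --allow-git changes.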