It wasn’t done through git. It was a direct npm publish from the compromised machine. If you read further down in the comments (https://github.com/axios/axios/issues/10636#issuecomment-418...), it seems difficult to pick the right npm settings to prevent this attack.

If I understand it correctly, your suggestions wouldn’t have prevented it, which is evidence that this is not as trivially fixable as you believe it is.

▲

lrvick 2 hours ago | parent [-]

To prevent supply chain attacks you need multi party cryptographic attestation at every layer, which is pretty straight forward, but you are correct, NPM and GitHub controls absolutely will not save you. Microsoft insists their centralized approach can work, but we have plenty of evidence it does not.

Operate under the assumption all accounts will be taken over because centralized corporate auth systems are fundamentally vulnerable.

This is how you actually fix it:

1. Every commit must be signed by a maintainer key listed in the MAINTAINERS file or similar

2. Every review/merge must be signed by a -second- maintainer key

3. Every artifact must be build deterministically and be signed by multiple maintainers.

4. Have only one online npm publish key maintained in a deterministic and remotely attestable enclave that validates multiple valid maintainer signatures

5. Automatically sound the alarm if an NPM release is pushed any other way, and automatically revoke it.

	▲	charcircuit an hour ago \| parent [-]
		And for 5 there should be help on the NPM end to make it so that the alarms can fire before the new update is actually revealed to the public. There could be a short staging time where it could be revoked before any harm has been done. During this staging time NPM should also scan the package through a malware scanner before allowing it to go public.