themonexus.
Vol. I · No. 163
Friday, 12 June 2026
16:14 UTC

npm's Provenance Shield Failed: What the Sigstore Bypass Reveals About Software Supply Chain Security

On May 19, 633 malicious npm package versions passed Sigstore's provenance verification system. The attack did not exploit a technical flaw — it abused a legitimate feature, raising uncomfortable questions about the infrastructure the open-source community uses to trust its builds.
On May 19, 633 malicious npm package versions passed Sigstore's provenance verification system. / NPR / Photography

On May 19, 2026, 633 malicious package versions entered the npm registry and cleared Sigstore's provenance verification. No zero-day exploit. No tampered build artifacts. The attacker, operating from a compromised account, obtained valid short-lived signing certificates for that account's identity: Fulcio issued them, Rekor recorded the signatures, and downstream verifiers accepted them. The packages cleared because the system worked exactly as designed. The design simply had a gap no one had fully accounted for: a valid certificate proves which identity authenticated, not whether that identity was still under its owner's control.

The disclosure, reported by VentureBeat on May 22, describes an intrusion into the JavaScript package ecosystem that security researchers had long worried about in theory. In practice, the attack bypassed the last trust signal that many downstream CI/CD pipelines lean on: a verified provenance attestation saying a package was built from the declared source commit by the declared build workflow or maintainer identity.

How Valid Certificates Opened the Door

Sigstore, the open-source signing infrastructure backed by the Linux Foundation and widely adopted across cloud-native toolchains, issues short-lived certificates through its Fulcio certificate authority. The system is built around the idea that identity should be lightweight and auditable: a signer generates an ephemeral key pair, authenticates through OpenID Connect, and receives a certificate, valid for roughly ten minutes, that binds the public key to that OIDC identity, whether a human's verified email address or, as with npm provenance, a CI workflow identity. Rekor, the transparency log, records every signing event publicly. Anyone can check whether a package was signed by a specific identity at a specific time.

That architecture worked precisely as intended for years. But the May 19 attack revealed a structural assumption embedded in the model: if the OIDC identity authenticates, whoever presented it is the legitimate maintainer. The attacker compromised an npm account, obtained a legitimate Sigstore certificate under that account's verified identity, and signed malicious package versions with it. Rekor recorded the signatures. Every cryptographic check passed, because nothing was cryptographically wrong. The packages propagated.
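As an added example, not code from Sigstore, npm or this article, the following Node.js script models the two checks this section contrasts: plain certificate validity, and a consumer-side policy that also pins the expected issuer, workflow identity and source repository for each package (the approach cosign exposes through its --certificate-identity and --certificate-oidc-issuer options). The attestation fields are a simplified stand-in for the real Sigstore bundle, and every package, repository and identity below is hypothetical. Three constructed scenarios show where pinning helps and where it cannot:

```javascript
// Added example (not Sigstore's, npm's or the article's code): a downstream
// verification policy over a simplified model of a provenance attestation.
// Field names stand in for the real Sigstore bundle; every package, repository
// and identity is constructed for illustration.

// The GitHub Actions OIDC issuer URL is real; trusting only it is this
// consumer's (assumed) choice.
const TRUSTED_ISSUERS = new Set(["https://token.actions.githubusercontent.com"]);

// Per-package pins: the workflow identity and source repository this consumer
// expects to have built each package (hypothetical values).
const PINNED_POLICY = {
  "@example-org/widget": {
    issuer: "https://token.actions.githubusercontent.com",
    workflow: "https://github.com/example-org/widget/.github/workflows/release.yml",
    sourceRepo: "https://github.com/example-org/widget",
  },
};

// Check 1: what certificate validity alone establishes. The certificate came
// from a trusted issuer and was within its short lifetime when Rekor logged
// the signature.
function certificateIsValid(att) {
  if (!TRUSTED_ISSUERS.has(att.cert.issuer)) {
    return { ok: false, reason: "untrusted issuer" };
  }
  const loggedAt = Date.parse(att.rekorIntegratedTime);
  if (loggedAt < Date.parse(att.cert.notBefore) || loggedAt > Date.parse(att.cert.notAfter)) {
    return { ok: false, reason: "signature logged outside certificate lifetime" };
  }
  return { ok: true, reason: "certificate valid" };
}

// Check 2: what identity pinning adds. The certificate subject must be the
// pinned workflow, run at a tag matching the published version, from the
// pinned source repository.
function provenanceMatchesPolicy(att) {
  const base = certificateIsValid(att);
  if (!base.ok) return base;
  const policy = PINNED_POLICY[att.package];
  if (!policy) return { ok: false, reason: "no pinned policy for package" };
  if (att.cert.issuer !== policy.issuer) return { ok: false, reason: "issuer not pinned" };
  const expectedIdentity = `${policy.workflow}@refs/tags/v${att.version}`;
  if (att.cert.identity !== expectedIdentity) return { ok: false, reason: "identity mismatch" };
  if (att.sourceRepo !== policy.sourceRepo) return { ok: false, reason: "source repository mismatch" };
  return { ok: true, reason: "certificate valid and identity pinned" };
}

// Constructed attestations for three scenarios.
function sampleAttestations() {
  const issuer = "https://token.actions.githubusercontent.com";
  const legitWorkflow = "https://github.com/example-org/widget/.github/workflows/release.yml";
  return {
    // A normal release from the maintainers' own workflow.
    legitimate: {
      package: "@example-org/widget", version: "2.3.1",
      sourceRepo: "https://github.com/example-org/widget",
      cert: { issuer, identity: `${legitWorkflow}@refs/tags/v2.3.1`,
              notBefore: "2026-05-12T09:00:00Z", notAfter: "2026-05-12T09:10:00Z" },
      rekorIntegratedTime: "2026-05-12T09:01:30Z",
    },
    // An attacker publishing from a fork under their own identity: the
    // certificate is perfectly valid, but pinning rejects it.
    forkedIdentity: {
      package: "@example-org/widget", version: "2.3.2",
      sourceRepo: "https://github.com/attacker-fork/widget",
      cert: { issuer,
              identity: "https://github.com/attacker-fork/widget/.github/workflows/release.yml@refs/tags/v2.3.2",
              notBefore: "2026-05-19T10:00:00Z", notAfter: "2026-05-19T10:10:00Z" },
      rekorIntegratedTime: "2026-05-19T10:01:30Z",
    },
    // The article's case: the legitimate account is compromised and the
    // attacker drives the real workflow. Both checks pass; nothing in the
    // attestation distinguishes this from an honest release.
    accountTakeover: {
      package: "@example-org/widget", version: "2.3.2",
      sourceRepo: "https://github.com/example-org/widget",
      cert: { issuer, identity: `${legitWorkflow}@refs/tags/v2.3.2`,
              notBefore: "2026-05-19T10:00:00Z", notAfter: "2026-05-19T10:10:00Z" },
      rekorIntegratedTime: "2026-05-19T10:02:00Z",
    },
  };
}

// Evaluate every scenario under both checks.
function evaluateScenarios() {
  const results = {};
  for (const [name, att] of Object.entries(sampleAttestations())) {
    const policy = provenanceMatchesPolicy(att);
    results[name] = { certValid: certificateIsValid(att).ok, policyOk: policy.ok, reason: policy.reason };
  }
  return results;
}

console.log(evaluateScenarios());
```

Run with node. Pinning rejects the fork scenario, which a validity check alone would accept, and passes the account-takeover scenario, which is exactly the gap the article describes: the certificate is honest about which identity ran the build, and by then that identity belonged to the attacker.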

The Limits of Transparency Without Accountability

Sigstore's core innovation was making signing auditable rather than making signers trustworthy. The transparency log lets anyone query whether a package carries a valid attestation and from which identity. What it does not do is answer whether that identity was under its legitimate owner's control when the certificate was issued, or in the window between issuance and package publication.

Once an npm maintainer account is compromised, it yields a valid Sigstore identity. Fulcio verifies the OIDC token presented at issuance, which proves only that the requester controlled the identity at that moment. It does not monitor for subsequent account takeovers or credential stuffing, and because Fulcio certificates are short-lived rather than revocable, there is no revocation signal for a verifier to consult afterwards. The result is a signing infrastructure that is transparent but not necessarily resilient to credential theft.

This matters because the software supply chain industry has spent the past several years building exactly the kind of provenance pipeline that npm's ecosystem depends on. Sigstore adoption has accelerated in container registries, build systems, and package managers precisely because it provides a cryptographically auditable chain of custody. The May 19 incident does not invalidate that work; it narrows what a provenance attestation can be taken to prove. The attestation still proves which identity ran which build from which source. It does not prove that the identity's owner intended the release.

The Dependency That Nobody Tracked

npm hosts over two million packages. The JavaScript ecosystem's dependency depth — a single application often pulling in dozens or hundreds of transitive packages — means that a compromised package at any level of the tree can propagate widely before detection. The 633 malicious versions in this incident targeted different package names and version numbers, suggesting either automated scanning for high-value targets or opportunistic insertion into popular dependencies.

What the incident exposed is the degree to which modern software development has baked trust into provenance systems without equivalent investment in account security hygiene. npm accounts are protected by passwords and, increasingly, two-factor authentication, but the ecosystem's shift toward automated build and publish pipelines means that CI/CD credentials and workflow identities, not human-held passwords, are often the actual attack surface. Compromise a machine identity, and the provenance attestation follows automatically, because the attestation certifies the identity that ran the build, not that whoever triggered it was authorized to.

The security community's response so far has centered on two parallel tracks: improving npm account security hygiene, including mandatory 2FA for popular packages, and augmenting Sigstore's model to detect anomalous signing patterns, such as a maintainer who suddenly publishes at an unusual frequency, from a build workflow or repository not used before, or from a new geographic location. Both tracks are valid. Neither is sufficient on its own.

What Changes and What Does Not

Sigstore's maintainers will need to address the gap between certificate validity and identity trustworthiness. Proposed approaches include attestation chaining, requiring not just a valid Sigstore certificate but a second verification that the signing identity has not been revoked or flagged since issuance, and integration with package registry event streams to flag publishing anomalies in near-real time. Consumers do not have to wait for either. A verifier that pins the expected issuer, signing identity and source repository for each package (as cosign's --certificate-identity and --certificate-oidc-issuer options do) already rejects attestations from any other identity; what it still cannot do is tell a compromised legitimate identity from an honest one.
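As an added example, not npm's or Sigstore's own tooling, here is one way the registry-side track described above could be implemented in Node.js: a detector fed publish events in arrival order that raises alerts on a burst of versions from one identity and on a package whose new version was built from a different repository than every earlier one. The event shape, the one-hour window, the five-publish threshold, the identity maintainer@example.org and every event in the stream are constructed assumptions; geographic signals are left out because they are not present in an attestation.

```javascript
// Added example (not npm's or Sigstore's code): a near-real-time detector for
// publishing anomalies over a registry-style event stream. The event shape,
// thresholds, identities, packages and repositories are all constructed.

const BURST_WINDOW_MS = 60 * 60 * 1000; // one hour (assumed)
const BURST_MAX_PUBLISHES = 5;          // per identity per window (assumed)

class PublishAnomalyDetector {
  constructor() {
    this.recentByIdentity = new Map();    // identity -> publish timestamps inside the window
    this.lastSourceByPackage = new Map(); // package -> source repo of its latest version
  }

  // Feed one event in arrival order; returns the alerts it raises (possibly none).
  ingest(event) {
    const alerts = [];
    const now = Date.parse(event.time);

    // Rule 1: publish burst. Hundreds of versions from one identity in a short
    // window is what the incident looks like from the registry's side.
    const recent = (this.recentByIdentity.get(event.identity) || [])
      .filter((t) => now - t <= BURST_WINDOW_MS);
    recent.push(now);
    this.recentByIdentity.set(event.identity, recent);
    if (recent.length > BURST_MAX_PUBLISHES) {
      alerts.push({ rule: "publish_burst", identity: event.identity,
                    package: event.package, version: event.version, count: recent.length });
    }

    // Rule 2: source drift. The same identity now builds a known package from a
    // repository it never used for that package before.
    const previous = this.lastSourceByPackage.get(event.package);
    if (previous !== undefined && previous !== event.sourceRepo) {
      alerts.push({ rule: "source_repo_drift", package: event.package,
                    version: event.version, from: previous, to: event.sourceRepo });
    }
    this.lastSourceByPackage.set(event.package, event.sourceRepo);
    return alerts;
  }
}

// Constructed stream: a maintainer's weekly cadence, then seven versions across
// three packages in 24 minutes on 19 May from the same (compromised) identity,
// built from a fork.
function sampleEvents() {
  const id = "maintainer@example.org";
  const own = "https://github.com/example-org/widget";
  const fork = (p) => `https://github.com/attacker-fork/${p}`;
  const ev = (time, pkg, version, sourceRepo) => ({ time, identity: id, package: pkg, version, sourceRepo });
  return [
    ev("2026-04-21T09:00:00Z", "widget", "2.2.0", own),
    ev("2026-04-28T09:00:00Z", "widget", "2.2.1", own),
    ev("2026-05-05T09:00:00Z", "widget", "2.3.0", own),
    ev("2026-05-12T09:00:00Z", "widget", "2.3.1", own),
    ev("2026-05-19T10:00:00Z", "widget", "2.3.2", fork("widget")),
    ev("2026-05-19T10:04:00Z", "gadget", "1.0.9", fork("gadget")),
    ev("2026-05-19T10:08:00Z", "gizmo", "0.4.2", fork("gizmo")),
    ev("2026-05-19T10:12:00Z", "widget", "2.3.3", fork("widget")),
    ev("2026-05-19T10:16:00Z", "gadget", "1.0.10", fork("gadget")),
    ev("2026-05-19T10:20:00Z", "gizmo", "0.4.3", fork("gizmo")),
    ev("2026-05-19T10:24:00Z", "widget", "2.3.4", fork("widget")),
  ];
}

// Run the detector over a stream and summarise alerts per rule.
function runDetector(events) {
  const detector = new PublishAnomalyDetector();
  const alerts = events.flatMap((e) => detector.ingest(e));
  const byRule = {};
  for (const a of alerts) byRule[a.rule] = (byRule[a.rule] || 0) + 1;
  return { alerts, byRule };
}

console.log(runDetector(sampleEvents()));
```

The first 19 May event trips the drift rule because widget had only ever been built from example-org/widget; the burst rule fires from the sixth publish in the hour onward. Neither rule needs the attestation to be invalid, which is the point: the signal comes from behaviour around a valid signature, not from the signature itself.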

The broader supply chain security community will face a harder question: whether provenance verification can ever be fully meaningful without also verifying the security posture of the identity doing the signing. Sigstore solved the problem of transparent, auditable signing. The next problem is auditable, accountable signing, where the accountability extends to the security of the account and credential chain, not just the cryptographic signature itself.

For npm's millions of downstream users, the practical takeaway is narrower and more uncomfortable: a provenance attestation reduces, but does not eliminate, the risk of running malicious code. The infrastructure improved meaningfully. The threat model simply moved.

This publication covered the npm provenance bypass with focus on the architectural assumptions embedded in Sigstore's design. Wire coverage emphasized the scale of affected packages; this analysis foregrounds the structural gap between certificate validity and identity security.

© 2026 Monexus Media · reported from the wire