npm Packages Abused; GitHub Enhances Security and Verification of Packages

GitHub has released features for secure vulnerability reporting and npm package provenance. In other news, npm, the open source package repository for Node.js, was flooded with fake packages by malicious actors, which caused a temporary denial of service (DoS).

