Accountability sits with both the project maintainers and the organisation operating the publishing identity. Teams should define who owns package release rights, who can revoke them, and how quickly compromised publisher access can be removed. That governance belongs in access review and offboarding processes.
Why This Matters for Security Teams
When a stolen maintainer account pushes malicious packages, the problem is not just an account compromise. It is a publishing trust failure that can cascade into downstream builds, CI pipelines, and production systems that implicitly trust signed releases or routine dependency updates. Package ecosystems reward speed and reuse, which means a single compromised publisher identity can become a supply chain event before normal review cycles catch it. The lesson is consistent with NHIMG research on LiteLLM PyPI package breach and the Shai Hulud npm malware campaign: once publisher access is stolen, the blast radius extends far beyond the maintainer’s inbox.
Security teams often misframe this as a pure legal question. It is also an identity and control question. Accountability should map to the party that owned release authority, enforced protection on the publishing identity, and could revoke access quickly enough to stop abuse. Current guidance from supply chain and identity practice suggests that package trust must be treated as privileged access, not as a developer convenience. The issue becomes sharper as AI-assisted attack tooling accelerates abuse, as seen in broader reporting on attacker automation in the Anthropic report on AI-orchestrated cyber espionage. In practice, many security teams encounter accountability disputes only after malicious packages have already been pulled into builds, rather than through intentional release governance.
How It Works in Practice
Operational accountability starts with clearly assigning publishing authority. The maintainer may control package publication, but the organisation operating the identity should own the guardrails: strong authentication, device binding where possible, rapid session revocation, and offboarding procedures that remove release rights immediately when risk appears. For high-value packages, best practice is evolving toward separating code contribution rights from release rights so that a compromised contributor account cannot directly publish.
Teams should also treat package publication as a privileged workflow with short-lived controls rather than a standing entitlement. That means using:
- Distinct publisher identities for humans, bots, and CI systems
- Just-in-time access for release windows instead of always-on publishing rights
- Mandatory approval or signed release gates for sensitive packages
- Rapid revocation playbooks tied to identity, token, and registry controls
NHIMG’s research on the 52 NHI Breaches Analysis shows how often identity compromise becomes the entry point for wider abuse, while the Ultimate Guide to NHIs frames why machine and service identities need governance comparable to human privileged access. The practical answer is that accountability sits with the organisation that failed to enforce release governance and with maintainers who did not follow the defined control process. These controls tend to break down in loosely governed open source projects where release authority is shared informally and no one can revoke compromised access fast enough.
Common Variations and Edge Cases
Tighter release controls often increase operational friction, requiring organisations to balance fast publishing against the risk of malicious package distribution. That tradeoff is especially visible in community projects, contractor-heavy teams, and CI-driven release pipelines where no single person “owns” the package end to end.
There is no universal standard for this yet, but current guidance suggests three common edge cases:
- If a maintainer is a volunteer and the registry account is managed by an organisation, accountability is shared unless release governance was explicitly delegated.
- If malware is pushed through a compromised CI token, the accountable party is often the organisation that failed to scope, rotate, and protect that token.
- If the project had documented release approvals but did not enforce them, the process owner, not just the individual maintainer, carries accountability.
Security teams should also distinguish blame from remediation. Even when a maintainer account is stolen, the organisation still has to answer for how quickly it could revoke access, notify consumers, and validate package integrity. That is why NHI controls, access review, and offboarding need to cover publishing identities as rigorously as employee accounts. In practice, many teams learn this only after downstream customers report suspicious installs, rather than when the release process is being designed.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Publishing identities need rotation and revocation controls to limit compromised maintainer access. |
| CSA MAESTRO | Release workflows for autonomous publishing systems require explicit trust and approval boundaries. | |
| NIST AI RMF | Accountability and governance over automated release agents align with AI risk management practices. |
Treat package publishers as NHIs and enforce short-lived credentials with immediate revocation on compromise.
Related resources from NHI Mgmt Group
- Who is accountable when a former employee account or stolen token is used in a breach?
- Who is accountable when a SaaS integration token is stolen?
- Who should be accountable when a leaked service account exposes production data?
- Who is accountable when a stolen credential is used to deploy workloads in cloud environments?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 24, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
