GitHub on December 6 explained that stolen credentials are a main cause of data breaches. To help NPM maintainers better manage their risk exposure, GitHub is introducing a granular access token type for NPM. The granular access tokens allow NPM package maintainers to restrict which packages and scopes a token has access to, grant access to specific organizations, set token expiration dates, and limit access based on IP address ranges. Users also can select read-only or read and write access. As many as 50 granular access tokens can be created on an NPM account.