In light of two recent security incidents impacting the popular NPM registry for JavaScript packages, GitHub will require 2FA (two-factor authentication) for maintainers and admins of popular packages on NPM.

The 2FA policy, intended to protect against account takeovers, will be put in place starting with a cohort of top packages in the first quarter of 2022, GitHub said in a bulletin published on November 15. GitHub became stewards of the registry after acquiring NPM in 2020.

To read this article in full, please click here


Leave a Reply

Your email address will not be published. Required fields are marked *