Wednesday, November 24, 2021

GitHub’s Commitment to npm Ecosystem Security

Mike Hanley:

Today, we are sharing details of recent incidents on the npm registry, the details of our investigations, and how we’re continuing to invest in the security of npm. These investments include the requirement of two-factor authentication (2FA) during authentication for maintainers and admins of popular packages on npm, starting with a cohort of top packages in the first quarter of 2022.


1 Comment

There are quite a few people in this Hacker News discussion who warn against using npm as a whole.
