Wednesday, November 24, 2021

GitHub’s Commitment to npm Ecosystem Security

Mike Hanley:

Today, we are sharing details of recent incidents on the npm registry, the details of our investigations, and how we’re continuing to invest in the security of npm. These investments include the requirement of two-factor authentication (2FA) during authentication for maintainers and admins of popular packages on npm, starting with a cohort of top packages in the first quarter of 2022.

1 Comment

There are quite a few people in this Hacker News discussion who warn against using npm as a whole.

https://news.ycombinator.com/item?id=29245080
