GitHub’s Commitment to npm Ecosystem Security
Today, we are sharing details of recent incidents on the npm registry, the details of our investigations, and how we’re continuing to invest in the security of npm. These investments include the requirement of two-factor authentication (2FA) during authentication for maintainers and admins of popular packages on npm, starting with a cohort of top packages in the first quarter of 2022.
1 Comment
November 25, 2021 10:56 AM
There are quite a few people in this Hacker News discussion who warn against using npm as a whole.