Information security
from The Hacker News
3 days ago
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
GitHub will strengthen npm publishing by requiring FIDO 2FA, short-lived granular tokens, trusted OIDC publishing, and deprecating legacy tokens to prevent supply chain attacks.