Information security
fromTheregister
3 days agoGitHub to remove weak security options for npm registry
GitHub is tightening npm publishing security by removing legacy authentication, shortening token lifetimes, enforcing 2FA, and shifting to trusted publishing with short-lived tokens.