GitHub Boosting Security in Response to NPM Supply Chain Attacks
GitHub will require two-factor authentication for local NPM publishing and deploy short-lived, granular tokens plus trusted publishing to mitigate NPM supply-chain attacks.
GitHub to remove weak security options for npm registry
GitHub is tightening npm publishing security by removing legacy authentication, shortening token lifetimes, enforcing 2FA, and shifting to trusted publishing with short-lived tokens.