This article has been indexed from InfoWorld Security
In light of two recent security incidents impacting the popular NPM registry for JavaScript packages, GitHub will require 2FA (two-factor authentication) for maintainers and admins of popular packages on NPM.
The 2FA policy, intended to protect against account takeovers, will be put in place starting with a cohort of top packages in the first quarter of 2022, GitHub said in a bulletin published on November 15. GitHub became stewards of the registry after acquiring NPM in 2020.
Read the original article: GitHub will require 2FA for some NPM registry users