GitHub outlines plans to secure npm following multiple supply-chain attacks, including deprecating legacy classic tokens and migrating users to FIDO-based 2FA (Xavier René-Corail/The GitHub Blog)

Xavier René-Corail / The GitHub Blog:
GitHub outlines plans to secure npm following multiple supply-chain attacks, including deprecating legacy classic tokens and migrating users to FIDO-based 2FA  —  Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens …