GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub on Monday announced that it will be changing its authentication and publishing options “in the near future” in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack.
This includes steps to address threats posed by token abuse and self-replicating malware by allowing local publishing with required two-factor authentication (2FA),
