Y
Hacker News
new
|
ask
|
show
|
jobs
by
davidbwire
2899 days ago
Moving forward NPM should require 2-factor authentication for popular packages.
2 comments
algesten
2899 days ago
This seems like a good idea. If a package has more than x downloads or y dependencies, then require 2fa for publishing it.
link
nevir
2899 days ago
Or for publishing
all
packages
link
consumer451
2898 days ago
I cannot think of a reasonable argument against this if security is any priority at all at NPM.
link