by mikeryan 921 days ago
NPM optionally enforces 2FA. You can create an automation token to bypass it. In that case, depending on how branches are protected, a push to the right branch can publish a new package.

https://github.blog/changelog/2020-10-02-npm-automation-toke...

Heck, if they have an automated deployment and use devs' personal GitHub handles, all it would take is forgetting to remove an ex-employee from the right GitHub access group. Even if you took away all other access when they left.