GitHub on Monday announced that it will be changing its authentication and publishing options “in the near future” in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack.
This includes steps to address threats posed by token abuse and self-replicating malware by allowing local publishing with required two-factor authentication (2FA),