Skip to content

All npm accounts are now enrolled in login verification

All npm accounts that do not have two-factor authentication (2FA) enabled will now receive an email with a one-time password (OTP) when authenticating through either the npmjs.com website or the npm CLI. The emailed OTP must be provided, in addition to a user’s password, before authenticating. This extra layer of authentication helps prevent common account takeover attacks, such as credential stuffing, which utilize a user’s compromised and reused password. It is worth noting that enhanced login verification is intended to be an additional baseline protection for all publishers. It is not a replacement for 2FA, such as time-based one-time passwords (TOTP), WebAuthn, or other methods described by NIST 800-63B. We encourage maintainers to opt-in to 2FA authentication. In doing so, you will not need to perform enhanced login verification.

You can read more about enhanced login verification in our documentation and blog.

Two weeks ago, GitHub released support for Mermaid diagrams in files and most Markdown fields (see Include diagrams in your Markdown files with Mermaid). However, gists were missing support for Mermaid. Now, gists do support Mermaid diagrams just like discussions, issue comments, pull request comments, and files on GitHub. Still to come, and very important, is wiki support for Mermaid diagrams.

For more information about using Mermaid with GitHub, see Creating diagrams in the GitHub documentation.

See more