GitHub will require all users who contribute code on GitHub.com to enable one or more forms of two-factor authentication (2FA) by the end of 2023.
Starting today, we are rolling out mandatory 2FA to all maintainers of top-100 npm packages by dependents.
GitHub continues to improve account security and developer experience with a new 2FA mechanism in GitHub Mobile on iOS and Android.
Today we're introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
The benefits of multifactor authentication are widely documented, and there are a number of options for using 2FA on GitHub.