GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack. This includes steps to address threats posed by token abuse and self-replicating malware by allowing local publishing with required two-factor authentication (2FA),
![]()
source https://thehackernews.com/2025/09/github-mandates-2fa-and-short-lived.html
source https://thehackernews.com/2025/09/github-mandates-2fa-and-short-lived.html