2.
npm is making package publishing part of the security boundary
2FA-gated publishing and install controls move registries from passive package stores toward active defenses against compromised maintainers and malicious releases
@asadeddin on Backlist
1 appearance on the backlist front page in the last 30 days.