GitHub moves to tighten npm security amid phishing, malware plague www.theregister.com/2025/09/2…
René-Corail also described changes that he hopes will strengthen security. Many existing authentication methods will be removed “in the near future,” including legacy classic tokens and one-time passwords for two-factor authentication (2FA). Token lifetimes will also be shortened, and publishing will switch by default to trusted publishing and 2FA-enforced local publishing.