NPM 2FA for publishing #740
elliotblackburn
started this conversation in
Team Posts
Replies: 3 comments
-
|
I’m a big fan of 2FA and all for enabling it |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
I should be good to go. 👍 Lock it down! 🔒 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Cheers guys, I've enabled that now, you'll need a 2FA code if you publish a new version of statsd to npm in the future 🎊 🎉 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hey everyone, I published v0.8.6 to npm today with some fixes and community contributions. I noticed the package doesn't require 2FA for publishing. It looks like I'm able to turn this on but anyone who doesn't have 2FA enabled on npm would not be able to publish updates to the package.
I'm not sure if it'll kick people off as "maintainers" if they don't have 2FA enabled already and I can't find any docs about it. @mheffner you're down as the only one who hasn't got it enabled at the moment, I'm not sure if this would impact you.
I think given some of the history of malicious publishing to npm, it might be a good idea to for us to turn this on as statsd is in fairly wide use still. Would you folks mind if we turn this setting on to help add a layer of security?
Beta Was this translation helpful? Give feedback.
All reactions