Time to force two-factor authentication?
"To mitigate this risk, we encourage every npmjs.com user to enable two-factor authentication, with which this morning’s incident would have been impossible."
Surely it is time npm forced two-factor authentication rather than just encouraging it?