Reply to post: Re: Ehem

Worried about occasional npm malware scares? It's more common than you may think

badflorist

Re: Ehem

So... instead of uploading the rogue NPM directly, now I have to wait for an e-mail or code? Well, it's just too hard now.

2FA doesn't change anything about NPM, it's the NPM design itself that is the problem. To be semi-fair, in the beginning it was O.K., but after time passed it simply became a failed idea.

P.S. Read the last sentence of that link you posted, it's a good example of how little NPM users pay attention.

"... 2FA on all npm accounts should discourage man-in-the-middle attacks and offer a more secure platform for Java libraries"

Java... O.K.


Biting the hand that feeds IT © 1998–2022