Since early October it’s possible to enable Two Factor Authentication with your NPM account.
2FA is another layer of defense for your account, preventing third parties from altering your code even if they steal or guess your credentials. This is one of the easiest and most important ways to ensure that only you can access your npm account.
To enable it, run npm profile enable-2fa with one of these two options:
auth-only: enable it for any login attempt
auth-and-writes: enable it for any login attempt, publish event, profile change, etc.
Once enabled, use an authentication application like Google Authenticator or Authy to generate your one-time password.
An additional security measure announced along with 2FA is the ability to create read-only tokens, which are useful for all your CI/CD needs.
Note that NPM 5.5.1 or higher is required.
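To check an account against the points above (minimum npm version, 2FA mode, read-only tokens), here is an added example that is not part of the original post or of npm itself. It assumes you pass it the parsed output of `npm --version`, `npm profile get --json` and `npm token list --json`; the JSON field names (`tfa.mode`, `tfa.pending`, `readonly`, `key`) are assumptions about that output, and the sample data is constructed.

```javascript
// Minimum version stated in the post: npm 5.5.1 or higher.
const MIN_NPM = [5, 5, 1];

// Numeric, part-by-part comparison ("10.2.0" > "5.5.1", unlike a string compare).
function versionAtLeast(version, min) {
  const parts = version.trim().split('.').map((p) => parseInt(p, 10));
  for (let i = 0; i < min.length; i++) {
    const have = parts[i] || 0; // missing or unparsable part counts as 0
    if (have !== min[i]) return have > min[i];
  }
  return true;
}

// Returns a list of findings; an empty list means nothing to fix.
// profile and tokens use ASSUMED field names (see lead-in).
function auditAccount(npmVersion, profile, tokens) {
  const findings = [];
  if (!versionAtLeast(npmVersion, MIN_NPM)) {
    findings.push(`npm ${npmVersion.trim()} is older than 5.5.1`);
  }
  const tfa = profile.tfa;
  if (!tfa || typeof tfa !== 'object' || tfa.pending) {
    findings.push('2FA is not enabled');
  } else if (tfa.mode === 'auth-only') {
    findings.push('2FA mode is auth-only: publishing is not protected by an OTP');
  }
  for (const t of tokens) {
    if (!t.readonly) {
      findings.push(`token ${t.key} is read-write: CI/CD that only installs should use a read-only token`);
    }
  }
  return findings;
}

// Constructed sample input, not real account data.
const sampleProfile = { name: 'example-user', tfa: { pending: false, mode: 'auth-only' } };
const sampleTokens = [
  { key: 'aaaa1111', readonly: true },
  { key: 'bbbb2222', readonly: false },
];

for (const finding of auditAccount('5.4.2', sampleProfile, sampleTokens)) {
  console.log('FINDING:', finding);
}
```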
Protect your npm account with two-factor authentication and read-only tokens →
NPM: Using Two Factor Authentication →