Since early October, it has been possible to enable two-factor authentication (2FA) on your npm account.
2FA is another layer of defense for your account, preventing third parties from altering your code even if they steal or guess your credentials. This is one of the easiest and most important ways to ensure that only you can access your npm account.
To enable it, run npm profile enable-2fa followed by one of these two options:
auth-only: enable it for any login attempt
auth-and-writes: enable it for any login attempt, publish event, profile change, etc.
Once enabled, use an authenticator application such as Google Authenticator or Authy to generate your one-time password.
An additional security measure announced along with 2FA is read-only tokens, which are useful for all your CI/CD needs.
Note that NPM 5.5.1 or higher is required.
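A check for the two modes and the version requirement described above, in JavaScript since npm ships with Node. It is an added example, not code from the original post or from npm: the function names are hypothetical, the sample profiles are constructed, and the shape of the `tfa` field in `npm profile get --json` output is an assumption.

```javascript
// Added example (not from the original post). Function names are hypothetical.
const MIN_NPM = [5, 5, 1]; // minimum npm version stated in the post

// True when `npm --version` output is at least 5.5.1 (numeric, not string, comparison).
function npmSupports2fa(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`unrecognised npm version: ${version}`);
  const parts = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== MIN_NPM[i]) return parts[i] > MIN_NPM[i];
  }
  return true;
}

// Classify the 2FA state found in `npm profile get --json` output.
// Assumption: `tfa` is { pending, mode } when enrolled and falsy otherwise.
function audit2fa(profileJson, requireWriteProtection = true) {
  const { tfa } = JSON.parse(profileJson) || {};
  if (!tfa || typeof tfa !== 'object') {
    return { mode: 'disabled', ok: false, reason: 'password alone is enough' };
  }
  if (tfa.pending) {
    return { mode: 'pending', ok: false, reason: 'enrolment never confirmed with a one-time password' };
  }
  if (tfa.mode === 'auth-and-writes') {
    return { mode: tfa.mode, ok: true, reason: 'OTP needed for login, publish and profile changes' };
  }
  if (tfa.mode === 'auth-only') {
    // Acceptable only for accounts that never publish.
    return { mode: tfa.mode, ok: !requireWriteProtection, reason: 'OTP needed at login only; publishes are not covered' };
  }
  return { mode: String(tfa.mode), ok: false, reason: 'unrecognised 2FA mode' };
}

// Constructed sample profiles (not real accounts).
const SAMPLES = {
  maintainer: '{"name":"maintainer","tfa":{"pending":false,"mode":"auth-and-writes"}}',
  reader: '{"name":"reader","tfa":{"pending":false,"mode":"auth-only"}}',
  halfway: '{"name":"halfway","tfa":{"pending":true,"mode":"auth-only"}}',
  legacy: '{"name":"legacy","tfa":false}',
};
for (const [name, json] of Object.entries(SAMPLES)) {
  const r = audit2fa(json);
  console.log(`${name}: ${r.mode} -> ${r.ok ? 'OK' : 'FIX'} (${r.reason})`);
}
```

To check a real account, pass the text printed by `npm profile get --json` to `audit2fa` and the text printed by `npm --version` to `npmSupports2fa`.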