| ▲ | diggan 5 days ago | |
> It is, if your packages are popular enough then npm will force you to enable 2FA. Are they actively forcing it? I've received the "Remember to enable 2FA" email notifications from NPM since 2022 I think, but haven't bothered since I'm not longer publishing packages/updates. Besides, the email conveniently mentions their "automation" tokens as well, which when used for publishing updates, bypasses 2FA fully. | ||
| ▲ | jsheard 5 days ago | parent [-] | |
Did you ever get this email? https://old.reddit.com/r/node/comments/xftu7i/comment/iooabn... | ||