GitHub has rolled out new controls for npm to improve the
security of the software supply chain, giving maintainers the
ability to explicitly approve a release before its packages
become publicly available for installation. Called staged
publishing, the feature is now generally available on npm. It
mandates that a human maintainer pass a two-factor authentication
(2FA) challenge to approve
Read more https://thehackernews.com/2026/05/npm-adds-2fa-gated-publishing-and.html

