Open gergelyke opened 7 years ago
Hey, nice post!
Now that you guys are considering adding 2FA to user accounts in NPM, have you considered also using a security model such as The Update Framework?
Many other community repositories (Python, Flynn, Haskell's Hackage and even Docker, to name a few) are using it.
IIRC, it supports package signing using YubiKeys, which would play greatly with 2FA.
Cheers!
Comments for the Node.js Security Overview blog post.