Mini Shai-Hulud Attack Forces npm to Reset Bypass-2FA Publishing Tokens

The npm registry made an urgent platform-wide move last week after supply chain attacks threatened thousands of developers. On May 19, npm invalidated every granular access token with write access that bypasses two-factor authentication, forcing maintainers to generate fresh credentials and update all automated workflows. The reset came directly in response to a campaign known […] The post Mini Shai-Hulud Attack Forces npm to Reset Bypass-2FA Publishing Tokens appeared first on Cyber Security News.