Mini Shai-Hulud Attack Forces npm to Reset Bypass
Source: Cybersecuritynews
Published:
<p>The npm registry made an urgent platform-wide move last week after supply chain attacks threatened thousands of developers. On May 19, npm invalidated every granular access token with write access that bypasses two-factor authentication, forcing maintainers to generate fresh credentials and updat