npm Ships Staged Publishing and Install-Source Allowlists in CLI 11.15.0, Requiring Human 2FA Approval Before Packages Go Live
GitHub's npm registry makes staged publishing generally available: packages must pass a human-approved, 2FA-gated queue before consumers can install them.