The enhanced security features will be available in NPM 8.15.0, which will be published on July 26th, according to the article.
NPM has been targeted by a variety of malicious actors over the years as a key component of the open-source software ecosystem for the JavaScript programming language. One of the most common methods for attackers to get control of packages has been to purchase expired domains registered to package publishers and use them to set up email accounts that can be used to receive a password reset emails for the package. In light of this, expanding the usage of 2FA for entering into NPM accounts has the potential to significantly enhance security.
