Security News > 2022 > July > GitHub introduces 2FA and quality of life improvements for npm
GitHub has announced the general availability of three significant improvements to npm, aiming to make using the software more secure and manageable.
In summary, the new features include a more streamlined login and publishing experience, the ability to link Twitter and GitHub accounts to npm, and a new package signature verification system.
At the same time, GitHub announced that the two-factor authentication program introduced in May 2022 is ready to exit beta and become available to all npm users.
The npm platform is a subsidiary of GitHub and is a package manager and repository for JavaScript coders, used by developers' projects to download five billion packages daily.
The new option to connect GitHub and Twitter accounts to npm aims to help add credibility and serve as a form of identity verification so that npm accounts cannot impersonate creators of popular software.
Users will now be able to validate the source of the packages locally using the new "Npm audit signatures" command in the npm CLI. Simultaneously, the platform re-signs all packages with the ECDSA algorithm and uses HSM for key management, further bolstering security.