Mastodon Feed: Post

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
nunomaduro wrote:

Dear package registries (npm, Composer, etc.), I am begging you:

require 2FA before someone can tag a release. RIGHT NOW.

This would immediately stop a huge number of the open-source supply-chain attacks we keep seeing.