npm has invalidated all granular write-access tokens that bypass two-factor authentication (2FA). This platform-wide credential reset, announced on May 19, 2026, aims to disrupt the massive “Mini Shai-Hulud” supply chain campaign that has heavily targeted the JavaScript ecosystem. Maintainers must now generate new tokens and update their continuous integration (CI) environments. The registry took this […]
The post npm Resets Bypass-2FA Tokens After Mini Shai-Hulud Supply Chain Attack appeared first on Cyber Security News.