GitHub's plan for a more secure NPM supply chain(github.blog)
github.blog
GitHub's plan for a more secure NPM supply chain
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
They still need it still needs a Personal Access Tokens - but many organisations restrict them now, and even bypassing that, the PAT tokens are too broad in there permissions (github cli being one example)