GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack.
This includes steps to address threats posed by token abuse and self-replicating malware by allowing local publishing with required two-factor authentication (2FA),
https://thehackernews.com/2025/09/github-mandates-2fa-and-short-lived.html