GitHub outlines plans to secure npm following multiple supply-chain attacks, including deprecating legacy classic tokens and migrating users to FIDO-based 2FA — Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens …