Hacker News

progbits, yesterday at 11:16 AM (3 replies)

Why do you keep using token auth? This is unacceptable negligence these days.

NPM supports GitHub workflow OIDC and you can make that required, disabling all token access.


Replies

timgl, yesterday at 11:17 AM

Yep, we are moving to workflow OIDC as the next step in recovery.

junon, yesterday at 12:34 PM

OIDC is not a silver bullet either and has its own set of vectors to consider too. If it works for your org model then great, but it doesn't solve every common scenario.

huflungdung, yesterday at 12:19 PM

[dead]