GitHub Enhances npm Security with 2FA and Trusted Publishing
GitHub has announced substantial updates to npm security aimed at protecting the open source software community from increasingly sophisticated threats, including the recent Shai-Hulud attack that compromised numerous popular JavaScript packages. The new measures will enforce two-factor authentication (2FA) with FIDO-based WebAuthn and implement short-lived access tokens to reduce the risk of account takeovers and unauthorized publishing. These enhancements also introduce a trusted publishing model, which removes the need for API tokens by using identity-based proofs for package releases. This proactive approach underscores the shared responsibility of developers in ensuring the integrity of the software supply chain and highlights the critical need for robust security measures in an era of escalating cyber threats.