npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Add user setting to have 2FA enabled by default for new packages

I want 2FA for all packages I publish and I don’t want to have to manually enable it each time I publish a new package. It’s also easy to forget to do it.

I propose you add a setting to the web account page that when enabled defaults new packages published by this user to have 2FA.

Note, this is about package-level 2FA and not the user-level 2FA already in the web account page.


It would also be great to have this setting for npm orgs! I’d love to enable 2FA for all packages in my company namespace.


See Force 2FA for all org members