expose metadata about whether a package was published with 2FA
Packages published with 2FA are more trustworthy than packages that were not.
It would be useful to identify in package trees which packages were not published with 2FA/which maintainers are not using 2FA. I’m not saying that npm audit should consider them less trustworthy, but external tools would be able to leverage this information to enforce their own policies.