NPM invalidates use of fine-grained tokens that bypass 2FA

NPM has deprecated fine-grained access tokens that allowed publishers to bypass two-factor authentication (2FA), tightening security for package publishing. The change means all token-based publishing operations must now satisfy 2FA requirements, closing a loophole that could have exposed the supply chain to unauthorized access.