New npm features for secure publishing and safe consumption
Blog post from GitHub
npm has introduced two new features to enhance the security of its ecosystem: granular access tokens and the npm code explorer. Granular access tokens allow maintainers and organization owners to create tokens with limited access, reducing the risk of token misuse and enabling better automation of organizational management. These tokens can be restricted to specific packages or scopes, can limit npm API access to specified IP ranges, and can be given expiration periods of up to one year. The npm code explorer, previously a paid feature, is now available for free, allowing developers to inspect package contents directly from the npm portal without downloading them, which helps prevent the deployment of potentially harmful code. Additionally, npm has mandated two-factor authentication (2FA) for maintainers of high-impact packages (those accounting for a significant share of the platform's traffic) to further secure the ecosystem against account hijacking.
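The code explorer lets a reviewer look inside a package before deploying it; the same kind of check can be run locally on the tarball that `npm pack` produces. The following is an added example, not code from the GitHub post or from npm: it builds a constructed tarball laid out like npm's output (files under `package/`), lists its contents, flags install-time lifecycle scripts in `package.json`, and catches paths that escape the `package/` prefix.

```python
import io
import json
import tarfile

# Lifecycle scripts that npm runs automatically during install; a package
# declaring any of these deserves a closer look before it is deployed.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def build_sample_tarball(package_json: dict, extra_files: dict) -> bytes:
    """Construct a gzipped tarball shaped like `npm pack` output.
    Constructed sample data for this example, not a real package."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        files = {"package/package.json": json.dumps(package_json).encode()}
        files.update({f"package/{name}": body for name, body in extra_files.items()})
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def inspect_tarball(data: bytes) -> dict:
    """List files, flag install hooks, and flag paths outside package/."""
    report = {"files": [], "install_hooks": {}, "unsafe_paths": []}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar.getmembers():
            report["files"].append(member.name)
            # npm keeps everything under package/; anything else, or any
            # ".." component, would write outside the install directory.
            parts = member.name.split("/")
            if parts[0] != "package" or ".." in parts:
                report["unsafe_paths"].append(member.name)
        try:
            manifest = json.load(tar.extractfile("package/package.json"))
        except KeyError:  # no manifest at the expected path
            manifest = {}
    scripts = manifest.get("scripts", {})
    report["install_hooks"] = {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}
    return report


# Constructed sample: a package with a postinstall hook and a helper script.
SAMPLE = build_sample_tarball(
    {"name": "example-pkg", "version": "1.0.0",
     "scripts": {"postinstall": "node setup.js", "test": "jest"}},
    {"index.js": b"module.exports = 1;\n", "setup.js": b"// runs at install time\n"},
)

if __name__ == "__main__":
    print(json.dumps(inspect_tarball(SAMPLE), indent=2))
```

Run against a real `npm pack` tarball by passing its bytes to `inspect_tarball`; a non-empty `install_hooks` or `unsafe_paths` entry is the cue to read the flagged files before installing.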