为了保护你的包，作为包发布者，你可以要求对包具有写入权限的每个人都启用双重身份验证 (2FA)。这将要求用户在发布包时除了提供登录令牌外还提供 2FA 凭据。欲了解更多信息，请参阅“配置双重身份验证”。
英To protect your packages, as a package publisher, you can require everyone who has write access to a package to have two-factor authentication (2FA) enabled. This will require that users provide 2FA credentials in addition to their login token when they publish the package. For more information, see "Configuring two-factor authentication".
你还可以选择允许使用双重身份验证或 自动化令牌 进行发布。这允许你在 CI/CD 工作流中配置自动化令牌，但需要来自交互式发布的双重身份验证。
英You may also choose to allow publishing with either two-factor authentication or with automation tokens. This lets you configure automation tokens in a CI/CD workflow, but requires two-factor authentication from interactive publishes.
英Configuring two-factor authentication
- 在 npm“登录”页面上，输入您的帐户详细信息并单击登录。
英Navigate to the package on which you want to require a second factor to publish or modify settings.
在 "发布权限" 下，选择发布包的要求。
英Under "Publishing access", select the requirements to publish a package.
英Dont require two-factor authentication
With this option, a maintainer can publish a package or change the package settings whether they have two-factor authentication enabled or not. This is the least secure setting.
英Require two-factor authentication or automation tokens or granular access token
With this option, maintainers must have two-factor authentication enabled for their account. If they publish a package interactively, using the
npm publishcommand, they will be required to enter 2FA credentials when they perform the publish. However, maintainers may also create an automation token or a granular access token and use that to publish. A second factor is not required when using a token, making it useful for continuous integration and continuous deployment workflows.
需要双重身份验证并不允许令牌使用此选项，维护者必须为其账户启用双重身份验证，并且他们必须以交互方式发布。维护者在执行发布时需要输入 2FA 凭据。自动化令牌和粒度访问令牌不能用于发布包。
英Require two-factor authentication and disallow tokens
With this option, a maintainer must have two-factor authentication enabled for their account, and they must publish interactively. Maintainers will be required to enter 2FA credentials when they perform the publish. Automation tokens and granular access tokens cannot be used to publish packages.
英Click Update Package Settings.