GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.