Richard Lau
rwklau.bsky.social
Software Engineer at IBM.
Node.js Build Infrastructure, Releaser & Technical Steering Committee.
Unfortunately my experience of December has been people stop turning up to the meetings but do not indicate that they won't/can't attend nor cancel them 😞.
December 17, 2025 at 3:08 PM
Reposted by Richard Lau
In the end, it would be best if NPM just blocked TOTP reuse.

TOTP stands for “Time-based One-Time Password,” after all. The “one-time” property is important enough to account for 50% of the acronym. 🙂

Even the spec explicitly calls for blocking reuse: datatracker.ietf.org/doc/html/rfc... 6/6
December 12, 2025 at 1:08 PM