GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.… September has been a bad month for npm with phishing attacks on package ...