Require MFA for gem pushes (#578)

MatheusRich · web-flow · commit aca286e10dd5 · 2026-04-08T10:02:46.000-05:00
This adds the `rubygems_mfa_required` metadata to the gemspec, requiring multi-factor authentication for privileged operations on RubyGems.org. This is a protection against supply chain attacks like the [recent NPM Axios compromise](https://socket.dev/blog/axios-npm-package-compromised) Reference: https://guides.rubygems.org/mfa-requirement-opt-in/
diff --git a/noticed.gemspec b/noticed.gemspec
@@ -13,6 +13,7 @@ Gem::Specification.new do |spec|
   spec.summary = "Notifications for Ruby on Rails applications"
   spec.description = "Database, browser, realtime ActionCable, Email, SMS, Slack notifications, and more for Rails apps"
   spec.license = "MIT"
+  spec.metadata["rubygems_mfa_required"] = "true"
 
   spec.files = Dir["{app,config,db,lib}/**/*", "MIT-LICENSE", "Rakefile", "README.md"]
 
