is this like the second or third npm vulberability in a few months?

Didn’t they add a new security measure just a week ago that now requires additional manual verification from the developer before a new version is distributed by npm?