GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.

GitHub MCP Registry makes Model Context Protocol servers with GitHub repos discoverable from Visual Studio Code.

GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.

You can create a release to package software, along with release notes and links to binary files, for other people to use. Learn more about releases in our docs.

In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the ...

In response to the recent supply chain attack in the JavaScript package manager npm, GitHub has made a few changes that will ...

Publishing your actions is a great way to help others in your team and across the GitHub community. Although actions do not need to be published to be consumed, by adding them to the marketplace you ...

Popular code repository GitHub is taking action against hackers targeting popular JavaScript code packages to spread malware.

A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y ...

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and ...

米GitHubは9月25日（現地時間）、「GitHub Copilot CLI」を発表した。「GitHub」のPro、Pro+、Business、Enterpriseプランで、まずはパブリックプレビューとして提供される。