The Register on MSN

GitHub moves to tighten npm security amid phishing, malware plague

Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry ...
The Hacker News

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.

10 ChatGPT Codex secrets I only learned after 60 hours of pair programming with it

Pair programming with ChatGPT Codex for a week exposed hard-won lessons every developer should know before trying it.
InfoWorld

GitHub introduces registry for finding MCP servers

GitHub MCP Registry makes Model Context Protocol servers with GitHub repos discoverable from Visual Studio Code.
GitHub

Train multi-step agents for real-world tasks using GRPO.

RULER (Relative Universal LLM-Elicited Rewards) eliminates the need for hand-crafted reward functions by using an LLM-as-judge to automatically score agent trajectories. Simply define your task in the ...
InfoWorld

Rust 1.90 brings workspace publishing support to Cargo

Rust developers now can automatically publish all crates in a workspace in the correct order, without manually ordering ...

GitHub details upcoming changes to improve security in wake of Shai-Hulud worm in npm ecosystem

In response to the recent supply chain attack in the JavaScript package manager npm, GitHub has made a few changes that will ...
GitHub

A Step Towards Music Generation Foundation Model

We introduce ACE-Step, a novel open-source foundation model for music generation that overcomes key limitations of existing approaches and achieves state-of-the-art performance through a holistic ...