GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.

In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and ...

GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale ...

GitHub rolled out several updates this week aimed at developer collaboration, open source security and enterprise billing.

GitGuardian has disclosed a new software supply chain attack campaign, dubbed GhostAction, that exfiltrated thousands of sensitive credentials before being detected and contained on September 5. The ...

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. The attack was discovered by ...

Hands on with GitHub’s open-source tool kit for steering AI coding agents by combining detailed specifications and a human in ...

The JavaScript development community faced one of its most sophisticated supply chain attacks in September, when a self-replicating worm infiltrated the npm registry and compromised more than 180 ...

Discover how Claude Sonnet 4.5 and Claude Code Agents 2.0 are changing AI coding with autonomy, efficiency, and seamless workflow integrations ...

GhostAction attack stole 3,325 secrets from 327 GitHub accounts GitGuardian helped shut it down and alerted affected projects A separate NPM attack hit 2,000 accounts but was unrelated Thousands of ...

The company is bringing its AI coding agent directly to the terminal with native GitHub integration, agentic capabilities, and full developer control.