GitHub’s commitment to npm ecosystem security
We're sharing details of recent incidents on the npm registry, our investigations, and how we’re continuing to invest in the security of npm.
Mike Hanley
November 15, 2021
GitHub Blog Search
Search Results for: Ecosystem
The Social Sector is Contributing to the Broader OSS Ecosystem
As the world becomes more interconnected and complicated, so too does the expanse of open source ecosystems. While the majority of open source software (OSS) lies with corporate technology companies, in the last year, the Tech for Social Good program at GitHub has highlighted many unique opportunities, barriers and challenges that face open source in […]
Mala Kumar
January 26, 2021
Building together: GitHub partner ecosystem continues to grow
We detail the great momentum we’ve had with our partners at GitHub this past year, building a healthy ecosystem aimed at making our users more productive.
GitHub Partnerships
December 9, 2020
Open source creates value, but how do you measure it?
When digital infrastructure is overlooked by governments, it isn't just a missed opportunity: policies may inadvertently endanger open source collaboration.
Peter Cihon
January 20, 2022
How open source is supporting NASA’s new eyes in space
With the successful liftoff of the James Webb Space Telescope, we ask our very own Arfon Smith about the history of open source and space science.
Nicole Numrich
January 18, 2022
Top-rated entries from Game Off 2021
Here are the top games created in our annual game jam as rated and reviewed by the developers that made them. Game On! 🤘🏻
Lee Reilly
January 13, 2022
Security-focused improvements for npm
Security-focused improvements for npm
GitHub Changelog
January 12, 2022
GitHub at the UN Internet Governance Forum
Last week, GitHub joined the Internet Governance Forum to spread awareness of developers’ initiatives and public policy interests.
Peter Cihon
December 13, 2021
Precise code navigation for Python, and code navigation in pull requests
Code navigation is now available in PRs, and code navigation results for Python are now more precise.
Douglas Creager
December 9, 2021
Enrolling all npm publishers in enhanced login verification and next steps for two-factor authentication enforcement
Today we're introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.
Myles Borins
December 7, 2021
Safeguard your containers with new container signing capability in GitHub Actions
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.
Justin Hutchings
December 6, 2021
The Copyright Office expands your security research rights
Recently, the Copyright Office responded to the calls to clarify the scope of protected security research.
Justin Colannino
November 23, 2021
Release Radar · October 2021 Edition
What an incredible month it’s been for GitHub and our communities. Whilst we’ve been busy with GitHub Universe, our communities have been busy coding. It’s been a successful year for Hacktoberfest, with many first-time contributors to the open source ecosystem. It wouldn’t be open source without contributors, and there wouldn’t be anything to contribute to […]
Michelle Mannering
November 12, 2021
GitHub Marketplace welcomes its 10,000th action
GitHub Marketplace just passed 10,000 published actions! Learn about contributing to this growing open source ecosystem.
John Bohannon
October 21, 2021
Repository Advisories Support Multiple Affected Products
Repository Advisories Support Multiple Affected Products
GitHub Changelog
October 20, 2021
What’s new from GitHub Changelog? September 2021 recap
Catch up on 44 ships, including a colorblind-accessible theme, a public README.md for organizations, and customization of code review settings.
Sidi Merzouk
October 19, 2021
GitHub Advisory Database now powers npm audit
Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the `npm audit` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database.
Edward Thomson
October 7, 2021
GitHub Actions: Jobs running on `macos-latest` are now running on macOS Big Sur (11).
GitHub Actions: Jobs running on `macos-latest` are now running on macOS Big Sur (11).
GitHub Changelog
September 29, 2021
Improved pull request file filtering
Improved pull request file filtering
GitHub Changelog
September 27, 2021
GitHub Advisory Database now includes Rust advisories
GitHub Advisory Database now includes Rust advisories
GitHub Changelog
September 23, 2021
GitHub Advisory Database now supports Rust
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on the Rust ecosystem!
Kate Catlin
September 23, 2021