Category

Security

GitHub security update: revoking weakly-generated SSH keys

On September 28, 2021, we received notice from the developer Axosoft regarding a vulnerability in a dependency of their popular Git GUI client, GitKraken. An underlying issue with a dependency, called `keypair`, resulted in the GitKraken client generating weak SSH keys.

Mike Hanley

GitHub Advisory Database now powers npm audit

Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the `npm audit` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database.

Edward Thomson