Secret scanning: Notifications for commit authors on private repositories

Secret scanning on private repositories now notifies commit authors when they push a change that includes a potential secret. The commit author can view the associated alert and mark it as revoked or false positive. As always, details of the last action taken on the alert are displayed in the UI and in the API.

Learn more about secret scanning for private repositories

The Packages npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.

Learn more about the Packages npm registry

For questions, visit the GitHub Packages community

To see what's next for Packages, visit our public roadmap

Note: This post originally inaccurately referred to time as not being returned in the “official npm specification”. While an “official npm specification” does not exist, time is referred to in the registry package-metadata documentation and used for some commands.

March 29, 2021: We’ve updated this Changelog entry to reflect current prefix format

In two weeks, we will change the format of newly minted GitHub authentication tokens as part of ongoing improvements to make your software more secure. The following token types are affected:

For each of these token types we are making the following changes:

  • The character set is changing from [a-f0-9] to [A-Za-z0-9_]
  • The format is changing to include a prefix:
    • ghp_ for Personal Access Tokens
    • gho_ for OAuth Access tokens
    • ghu_ for GitHub App user-to-server tokens
    • ghs_ for GitHub App server-to-server tokens
    • ghr_ for GitHub App refresh tokens

The overall length of our tokens will remain the same for now. However, GitHub tokens will likely increase in length in future updates, so integrators should plan to support tokens up to 255 characters after June 1, 2021.
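As an added example (not GitHub's code), one way an integrator could recognise and redact new-format tokens in log or config text, using only the prefixes, character set and 255-character ceiling stated above. The function names, the sample lines and the 20-character minimum body length are assumptions made for this sketch.

```python
import re

# Prefixes and token types as listed in the changelog entry above.
TOKEN_TYPES = {
    "ghp": "Personal Access Token",
    "gho": "OAuth Access token",
    "ghu": "GitHub App user-to-server token",
    "ghs": "GitHub App server-to-server token",
    "ghr": "GitHub App refresh token",
}

MAX_TOKEN_LEN = 255  # ceiling integrators are told to plan for
MIN_BODY_LEN = 20    # assumption: floor chosen here to cut false positives

# prefix, "_", then a body from [A-Za-z0-9_]. No fixed length is hardcoded,
# so longer future tokens still match. The lookarounds keep a match from
# starting or ending inside a longer run of token characters, which also
# means a run exceeding MAX_TOKEN_LEN is rejected rather than truncated.
TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9_])(gh[pousr])_([A-Za-z0-9_]{%d,%d})(?![A-Za-z0-9_])"
    % (MIN_BODY_LEN, MAX_TOKEN_LEN - 4)
)


def find_tokens(text):
    """Return (token_type, start, end) for each new-format token in text."""
    return [(TOKEN_TYPES[m.group(1)], m.start(), m.end())
            for m in TOKEN_RE.finditer(text)]


def redact(text):
    """Mask token bodies but keep the prefix so the token type stays visible."""
    return TOKEN_RE.sub(lambda m: m.group(1) + "_[REDACTED]", text)


if __name__ == "__main__":
    # Constructed sample lines; the token bodies are made up.
    sample = "\n".join([
        "export GH_TOKEN=ghp_" + "A1b2" * 9,
        "Authorization: token ghs_" + "x_Y9" * 9,
        "object id " + "deadbeef" * 5,  # old [a-f0-9] style: no prefix, not matched
    ])
    for kind, start, end in find_tokens(sample):
        print(kind, start, end)
    print(redact(sample))
```

Old-format tokens drawn from [a-f0-9] carry no prefix, so this pattern does not detect them and they need separate handling.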
