
File attachment support in Markdown for gists

You can now add images and videos to Markdown files in gists by pasting them into the Markdown body or selecting them from the dialog at the bottom of the Markdown file. For information on supported file types, see the documentation.

The GitHub Advisory Database now includes curated Rust advisories. This brings the Advisory Database to eight supported ecosystems, including: Composer (PHP), Go, Maven, npm, NuGet, pip, and RubyGems.

Support for Rust in the dependency graph and Dependabot alerts will be available in the future.


npm access tokens will now follow the established format of GitHub authentication tokens as part of our work to create a more secure supply chain.

Previously, npm access tokens used a 36-character UUID pattern, which has limitations such as inaccurate detection of compromised npm tokens in packages and GitHub repositories.

Identifiable prefix and higher entropy pattern

With the new pattern, access tokens start with an identifiable prefix, npm, so they are easier to index for features like secret scanning and npm’s internal secret scanners. The delimiter that follows is no longer a hyphen (-) but an underscore (_), which means the full token is selected when it is double-clicked.

The last six characters of each token are a CRC32 checksum encoded in Base62, which further eliminates false positives when scanning for leaked tokens.
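An added example, not GitHub's or npm's code: how a scanner can use the prefix and the trailing checksum to discard lookalike strings offline. The checksum's input (the characters between the prefix and the last six), the Base62 alphabet order and the zero padding are assumptions, and every sample string is constructed.

```javascript
// Assumptions (not stated on the page): the checksum covers the characters
// between "npm_" and the final six, the Base62 alphabet is 0-9A-Za-z, and
// the encoded value is left-padded with "0" to six characters.
const PREFIX = "npm_";
const BASE62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
const SUM_LEN = 6;

// Standard CRC32 (reflected polynomial 0xEDB88320) over ASCII input.
function crc32(str) {
  let crc = 0xffffffff;
  for (let i = 0; i < str.length; i++) {
    crc ^= str.charCodeAt(i) & 0xff;
    for (let b = 0; b < 8; b++) crc = (crc >>> 1) ^ (0xedb88320 & -(crc & 1));
  }
  return (crc ^ 0xffffffff) >>> 0;
}

// Encode a 32-bit value as exactly six Base62 characters (62^6 > 2^32).
function base62(n) {
  let out = "";
  do { out = BASE62[n % 62] + out; n = Math.floor(n / 62); } while (n > 0);
  return out.padStart(SUM_LEN, "0");
}
// Build a token in the assumed layout: prefix + body + checksum(body).
const makeToken = (body) => PREFIX + body + base62(crc32(body));

// Verify one candidate without any network call.
function classify(candidate) {
  if (!candidate.startsWith(PREFIX)) return "no-prefix";
  const rest = candidate.slice(PREFIX.length);
  if (!/^[0-9A-Za-z]+$/.test(rest) || rest.length <= SUM_LEN) return "malformed";
  const body = rest.slice(0, -SUM_LEN);
  return base62(crc32(body)) === rest.slice(-SUM_LEN) ? "checksum-ok" : "checksum-mismatch";
}

// Find prefix-shaped strings in text and attach a verdict to each.
function scan(text) {
  return [...text.matchAll(/\bnpm_[0-9A-Za-z]{7,}\b/g)]
    .map((m) => ({ token: m[0], verdict: classify(m[0]) }));
}

// Constructed sample: valid token, one-character typo, lookalike, non-match.
const good = makeToken("ConstructedSampleBody000000000");
const SAMPLE = [
  "//registry.npmjs.org/:_authToken=" + good,
  "token: " + good.replace("Sample", "Simple"),
  "const npm_packageLockVersion2 = true;",
  "see npm_install_notes.txt",
].join("\n");
console.log(scan(SAMPLE));
```

Only the first hit passes the checksum; the mistyped token and the identifier that merely starts with npm_ are rejected without contacting the registry.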

We strongly encourage you to move to the new format by resetting your existing access tokens, which helps mitigate any risk from compromised tokens and makes our secret scanning detection more precise. You can reset your personal access tokens by clicking on Access tokens under your Profile, deleting all of your old tokens and creating new ones.
