After setting up 2FA on npmjs.com recovery codes can now more easily be copied, printed, or saved by customers.
Previously, when you forked a repository the fork name would default to the same name as the parent repository. In some cases, that wasn't ideal because you wanted the fork to have a different name. Your only option was to rename the fork after it was created. Now you can customize the fork name at the same time you're creating it.
GitHub now protects you by scanning public repos for leaked GitHub login credentials. If you accidentally expose your username and password in code or commit metadata, we will automatically reset your password and email you.
We'd like to thank Will Deane, Director and Principal Consultant at ASX Consulting, and Aaron Devaney, Principal Security Consultant at MDSec, for surfacing the threat of exposed passwords and helping us secure all our users via GitHub's Security Bug Bounty program. You can read more from the researchers here.
For more information: