Skip to content

Secret scanning: Admins can now sort and filter their custom patterns

GitHub Advanced Security customers can now sort and filter their list of custom patterns at the repository, organization, and enterprise levels. This upgrade to the experience supports admins who need to manage dozens, or hundreds, of custom patterns.

Learn more about custom patterns for GitHub Advanced Security

You can now link your GitHub and Twitter accounts with your npm account using an official OAuth integration with these services. Prior to this, GitHub and Twitter account linking used a plain text field which was not verified or validated.

The new experience creates a verified link, making it possible for developers to audit identities and trust that an account is who they claim they are. Verified linking also significantly improves our ability to recover your npm account in case you are not able to login into anymore.

Legacy data will no longer be shown on public npm profiles, and the data can no longer be set via the npm CLI. Legacy data will still be retained in your private profile until a verified link has been made and can be used for account recovery purposes.

Learn more about GitHub and Twitter account linking from our documentation page: “managing user account profile settings from the web

See more

Enhanced Two-Factor Authentication (2FA) experience is now Generally Available. Previously, we had announced a set of improvements in our public beta. Further to this we have made the following new changes to streamline the CLI login experience.

  • As of npm 8.15.0 Login and Publish authentication from CLI can now be managed by the browser with the --auth-type=web flag.
  • Login can use an existing web session, only prompting for your second factor or email verification OTP to create a new CLI session.
  • Publish now supports “remember me for 5 minutes” and allows for subsequent publishes from the same IP + access token to avoid the 2FA prompt for a 5-minute period.
  • You can now use 2FA for re-verification requests while performing high privilege operations on

Read more about two-factor authentication
from our documentation.

See more