Improved account recovery flow in case of a lost 2FA device

We have streamlined our account recovery flow to help us verify your identity in the instance you lose access to your two-factor authentication (2FA) device and get locked out of your npm account.

If you lose access to your 2FA device and your recovery codes, you can now sign in to your npm account using your username and password and then request an account recovery. You will be asked to fill the form as shown below. We recommend you provide as much information as possible when requesting an account recovery.

recover_accounts

Read more about how you can recover your 2FA enabled accounts here.

For accounts with 2FA, linking your GitHub account and Twitter account in your profile settings will help verify your identity quicker.

Note: The new account recovery flow tries to gather and map information about your identity such that our support team can address your request sooner. Since there is a manual review in place, this recovery process will take few days to complete. We recommend our users generate and keep a copy of their recovery code to be used as the primary recovery option and avoid getting locked out of your account for a prolonged period of time.

CodeQL now officially supports customizing the build configuration for Go analysis in the Actions workflow file. This aligns the Go configuration experience with the C/C++, C#, and Java analysis. The new customization options allow for more flexibility, for example when the build fails, or if analysis is desired on different source files.

All your existing CodeQL workflows for Go analysis will continue to work and continue to be supported. You don’t need to take any action to keep Go analysis running.

Example Actions workflow steps using Go build customization

steps:
  - name: Checkout repository
    uses: actions/checkout@v3

  - name: Initialize CodeQL
    uses: github/codeql-action/init@v2
    with:
      languages: go

  - name: Build code
    run:
      # You can modify these commands or add new commands to customize the build process
      make bootstrap
      make release

  - name: Perform CodeQL Analysis
    uses: github/codeql-action/analyze@v2

Learn more about CodeQL and code scanning.

See more

The GitHub Enterprise Server 3.7 release candidate is here

GitHub Enterprise Server 3.7 brings new capabilities to help companies build and deliver secure software, more quickly. With over 70 new features, here are a few highlights.

  • It's easier to deploy GitHub Actions, securely, at scale. Teams looking to standardise their workflows with reusable workflows will benefit from the ability to nest reusable workflows in one another, and build matrixing into reusable workflows. What's more, Actions now supports Google Cloud Storage and security teams will love our enhancements to the OIDC connection patterns for Actions to support cloud deployments at scale
  • Security teams now have a single view of their code security posture. The Security Overview page, an at-a-glance view of your code security alerts and risk, is now available to all customers. And to ensure all repositories are covered by your company's policies, administrators can now restrict new repositories to Organizations only.
  • Forking is clearer and simpler, especially for companies adopting innersource. Developers will benefit from a whole host of enhancements that make working with forks easier, including the ability to fork within an organization and fork internal repositories.
  • Code scanning alerts for GitHub Advanced Security customers are now more collaborative and relevant, with alerts now appearing in pull requests. And, you can now improve Dependabot alert and update coverage by submitting dependencies directly to the Dependency graph via an API.

Release Candidates are a way for you to try the latest features at the earliest time, and they help us gather feedback early to ensure the release works in your environment. They should be tested on non-production environments. Here are some highlights for this release. Read more about the release candidate process.

Read more about GitHub Enterprise Server 3.7 in the release notes, or download the release candidate now. If you have any feedback or questions, please contact our Support team.

See more