Skip to content

Chief Tools is now a GitHub secret scanning partner

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Chief Tools to scan for their tokens and help secure our mutual users on public repositories. Chief Tools tokens allow users to access the Chief Tools API and perform automated actions on behalf of the user that created the token. GitHub will forward access tokens found in public repositories to Chief Tools, who will immediately revoke the token and email the owner of the leaked token with instructions on next what to do next. You can read more information about Chief Tools tokens here.

GitHub Advanced Security customers can also scan for Chief Tools tokens and block them from entering their private and public repositories with push protection.

We have streamlined our account recovery flow to help us verify your identity in the instance you lose access to your two-factor authentication (2FA) device and get locked out of your npm account.

If you lose access to your 2FA device and your recovery codes, you can now sign in to your npm account using your username and password and then request an account recovery. You will be asked to fill the form as shown below. We recommend you provide as much information as possible when requesting an account recovery.

recover_accounts

Read more about how you can recover your 2FA enabled accounts here.

For accounts with 2FA, linking your GitHub account and Twitter account in your profile settings will help verify your identity quicker.

Note: The new account recovery flow tries to gather and map information about your identity such that our support team can address your request sooner. Since there is a manual review in place, this recovery process will take few days to complete. We recommend our users generate and keep a copy of their recovery code to be used as the primary recovery option and avoid getting locked out of your account for a prolonged period of time.

See more