Skip to content

Explore the content of your npm packages with the new code explorer

You can now view the content of a package with the updated code explorer directly on the npmjs.com portal. We have improved the reliability, performance and have now made this feature available for free. You no more need to download a package to view its content. With this feature, you can easily scrutinise packages to make sure it is safe for use in your application. The code explorer provides syntax highlighting for .js, .ts, .md, .json and other commonly used file types in npm packages. You can also view the content of any previous version of a package.

Start by exploring the npm package.

Limit scope of npm tokens with the new granular access tokens

You can now create access tokens with limited scope using the new granular access tokens functionality in npm. With granular access tokens, you can:

  • Restrict which packages and/or scopes a token has access to
  • Grant tokens access to specific organizations for user management
  • Set a token expiration date
  • Limit token access based on IP address ranges
  • Select between read and/or write access

Tokens with least privileges protects your npm packages from accidental or malicious misuse of your token. These tokens also allow you to manage your npm org and teams from a CI/CD pipeline. Granular access tokens are specifically built for automation and do not require 2FA. We recommend using granular access tokens with least privileges while you automate publishing and org management activities.

See more

GitHub Actions workflow notifications in Slack and Microsoft Teams

We are excited to announce that GitHub app in Slack and Microsoft Teams now supports GitHub Actions workflow notifications.

image

You can now subscribe to your repository and get notified about GitHub Actions workflow run status from your channel or personal app.
/github subscribe owner/repo workflows

  • You will get notified when a new workflow run is triggered. And you can track the live status of the jobs.
  • You can track the approval notifications as a reply in the thread and you can approve the notifications directly from channel/personal app.
  • Once the workflow is completed, you will get a update as a reply in the thread so that you can complete context and history about the workflow run.
  • If something fails, you can choose to rerun the workflow in place and you can also enable debug logs if needed.

Workflow notification filters

Getting notified about each and every workflow run can be noisy. So, we are providing you capability to filter the notifications based on your requirement. You can filter your actions workflows notifications based on name, event, actor and/or branch. You can filter the notifications as below.

/github subscribe owner/repo workflows:{name:"your workflow name" event:"workflow event" branch:"branch name" actor:"actor name"}

  • name: Name of your workflow
  • event: The event on which the workflow is triggered. View the list of all available events.
  • actor: The person who triggered or responsible for running of the workflow.
  • branch: The branch on which the workflow is running. Only in the cases where pull_request event is included, the branch will be the target branch the pull request is created for.

Note: When you configure workflow notifications without passing any filters, it is configured by default for workflows triggered via pull requests targeting your default branch.

For more information, please visit the GitHub app guidance for Slack and Microsoft Teams.

See more
View all changes