How we designed and wrote the narrative for our homepage
This post is the fifth installment of our five-part series on building GitHub’s new homepage: How our globe is built How we collect and use the data behind the globe…
GitHub Blog Search
Search Results for: GitHub Packages
Using CWE and CVSS scores to get more context on a security advisory
Security vulnerabilities can be unpleasant to address, and that only gets worse the more you have. When you’re dealing with a large volume of vulnerabilities, you need to be able…
npm 7 is now generally available!
After much anticipation, the npm CLI version 7 is now generally available!
The best of Changelog • 2020 Edition
If you haven’t seen it, the GitHub Changelog helps you keep up-to-date with all the latest features and updates to GitHub. We shipped a tonne of changes last year, and…
Shifting supply chain security left with dependency review
Dependency review allows you to easily understand your dependencies before you introduce them to your environment. As part of a pull request, you can see what dependencies you’re introducing, changing, or removing, and information about their vulnerabilities, age, usage, and license.
ghcr.io container names redirect to the container page
ghcr.io container names redirect to the container page
Applying DevSecOps to your software supply chain
To best apply DevSecOps principles to improve the security of your supply chain, you should ask your developers to declare your dependencies in code; and in turn provide your developers with maintained ‘golden’ artifacts and automated downstream actions so they can focus on code.
Nbdev: A literate programming environment that democratizes software engineering best practices
Learn about nbdev, a new literate programming environment for Python.
Standing up for developers: youtube-dl is back
Today we reinstated youtube-dl, a popular project on GitHub, after we received additional information about the project that enabled us to reverse a Digital Millennium Copyright Act (DMCA) takedown.
Presenting v7.0.0 of the npm CLI
We’re releasing v7.0.0 of the npm CLI, which includes exciting new features such as Workspaces, automatically installed peer deps, and more!
Secure at every step: Show your dependencies some love with updates
Keep dependencies up to date, to make sure you can quickly apply a patch when it really matters - when there’s a critical security vulnerability.
Open collaboration on COVID-19
Explore some impactful open source projects being created by teams around the world in response to COVID-19.
Updates to our Terms of Service and Privacy Statement
Learn more about updates we’ve made to our Terms of Service and Privacy Statement.
The State of the Octoverse 2019
To celebrate 365 days of achievements, let’s look back at the code and communities built on GitHub this year.
Private package deletion API
Packages published to private repositories can now be deleted by organization owners via the Package Version Deletion API. Learn more from the documentation
Securing software, together
Software security is a collective problem, a responsibility that involves producers and consumers of code, open source maintainers, security researchers, and security teams. At GitHub, we want to give the community the tools it needs to secure the software we all depend on.
Dependency graph support is now available for PHP repositories with Composer dependencies
The dependency graph is rolling out for all PHP repositories with Composer dependencies. In addition to Composer, GitHub supports package managers for many other programming languages, including Maven, NPM, Yarn, and Nuget.
Maintainer spotlight: Fatih Arslan
We’re sharing interviews from several open source contributors about their projects, challenges, and what a GitHub sponsorship means to them. This week, hear from Fatih Arslan.