GitHub moves to tighten npm security amid phishing, malware plague

GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.
The Hacker News

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
TheServerSide

Why GitHub renamed its master branch to main

Since its inception, the Git DVCS tool's default branch name was set to master. Every Git repository had a master branch unless a developer took explicit steps to remove it, which was rarely ever done ...
TechCrunch

GitHub Copilot introduces new limits, charges for ‘premium’ AI models

GitHub Copilot, Microsoft-owned GitHub’s AI coding assistant, could soon become costlier for some users. On Friday, GitHub announced “premium requests” for GitHub Copilot, a new system that imposes ...
Security Boulevard

Shai-Hulud: A Persistent Secret Leaking Campaign

On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The ...