GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks. September has been a bad month for npm with phishing attacks on package ...
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently.
GitHub enforces FIDO 2FA and seven-day token limits after Shai-Hulud npm attack to boost supply chain security.
In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and publishing rules.
GitHub rolled out several updates this week aimed at developer collaboration, open source security and enterprise billing.
"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and pushes itself further into the ecosystem. Once a single environment is ...
Google Ventures doubles down on dev tool startup Blacksmith just 4 months after its seed round
Blacksmith, a Y Combinator alum, raised $10M Series A led by Google Ventures to cut costs and speed up software builds.
Hands on with GitHub’s open-source tool kit for steering AI coding agents by combining detailed specifications and a human in the loop.