Code hosting website GitHub announced today a new service for its customers that will allow developers and organizations an easy way to generate "packages" from their code. Packages are ...

GitHub has introduced the GitHub Package Registry, a package management service integrated into GitHub that allows developers to publish private or public packages next to their source code. GitHub ...

GitHub has resolved numerous vulnerabilities in Node.js packages tar and @npmcli/arborist, with the worst allowing file overwrites and arbitrary code execution. On Wednesday, GitHub said the company ...

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 ...

In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the open-source software supply chain.

Security researchers have uncovered two new malicious packages on the npm open source package manager that utilized GitHub to store stolen Base64-encrypted SSH keys taken from developer systems. These ...

GitHub today announced the launch of a limited beta of the GitHub Package Registry, its new package management service that lets developers publish public and private packages next to their source ...

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...

A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public outreach, longtime relationships, and a vendor willing to listen and ...

GitHub is expanding the scope of its code repository to include support for publishing software packages, the company annoucned Friday afternoon. After teasing an announcement all week on Twitter, ...