GitHub Updates Blog provides announcements, product updates, and insights into new features and enhancements on the GitHub platform. Developers can stay informed about changes to GitHub's developer tools, collaboration features, and security offerings. With GitHub's commitment to empowering developers and supporting open source communities, the GitHub Updates Blog serves as a resource for staying connected with the latest developments in software development.

GitHub Changelog

npm is implementing major security changes including shorter token lifetimes (7-day default, 90-day maximum), sunsetting classic tokens entirely, and disabling new TOTP 2FA setups in favor of WebAuthn. These changes roll out over five weeks through mid-November 2025. Package maintainers must migrate from classic tokens to granular access tokens or trusted publishers (OIDC) and update their CI/CD workflows accordingly.

Strengthening npm security: Important changes to authentication and token management