Dependabot on GitHub Actions and self-hosted runners is now generally available
A quick guide on the advantages of Dependabot as a GitHub Actions workflow and the benefits this unlocks, including self-hosted runner support.
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to…
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to the npm registry to make two-factor authentication (2FA) adoption easier for developers. Today, we are launching a public beta for a significantly improved 2FA experience to all npm accounts, including:
On February 1, we enrolled all maintainers of the top-100 npm packages into mandatory 2FA. On May 31, we will enroll the next cohort in mandatory 2FA—maintainers of the top-500 packages. The final cohort will be high-impact maintainers of packages with more than one million weekly downloads or 500 dependents later this year.
Prior to enrolling all high-impact maintainers in 2FA, we will:
To learn more about configuring 2FA, see Configuring two-factor authentication.
To learn more about 2FA in general, see About two-factor authentication.
For questions and comments, open a discussion in our feedback repository.