Skip to content

Discussions Answer Previews

You can now view a preview of marked answers to discussions. Navigate quickly to the answer in a thread with the Jump to answer button.

For more information, see GitHub Discussions documentation.

For questions or feedback, visit GitHub Discussions feedback.

All npm accounts that do not have two-factor authentication (2FA) enabled will now receive an email with a one-time password (OTP) when authenticating through either the npmjs.com website or the npm CLI. The emailed OTP must be provided, in addition to a user’s password, before authenticating. This extra layer of authentication helps prevent common account takeover attacks, such as credential stuffing, which utilize a user’s compromised and reused password. It is worth noting that enhanced login verification is intended to be an additional baseline protection for all publishers. It is not a replacement for 2FA, such as time-based one-time passwords (TOTP), WebAuthn, or other methods described by NIST 800-63B. We encourage maintainers to opt-in to 2FA authentication. In doing so, you will not need to perform enhanced login verification.

You can read more about enhanced login verification in our documentation and blog.

See more

Enterprise owners and billing administrators may now add, edit, and remove billing emails within their enterprise account. Billing emails are where we send receipts and other billing-related information pertinent to your enterprise account.

To learn more, read setting your billing email.

See more