In July 2022 the public npm registry migrated away from the existing PGP signatures to a new ECDSA signatures for signature verification.
PGP based registry signatures will be deprecated on April 25th 2023. This means no new packages will be signed with PGP keys from this date onwards and the public key hosted on Keybase will expire.
Read more about registry signatures.
You can now programmatically view and act on repository advisories via a new REST API. New endpoints to create, view, list, and update advisories are available to all. Additionally, new webhooks have been introduced that will alert maintainers when advisories are published or when a private vulnerability report is submitted.
Current advisory permissions extend to API usage.
GitHub enterprise and organization owners can now use a REST API to delete their organizations and all corresponding repositories. Organization names will be locked for 90 days following the organization deletion.
We recommend reading our Terms of Service around account deletion before utilizing this endpoint.
To learn more, please read our Organization REST API documentation.