GitHub is rolling out a new feature that allows developers to verify their npm packages with a cryptographic signature. According to the Microsoft-owned company, the new feature helps improve the trustworthiness and security of the packages.
Known as NPM Package Signing, the tool is now available in beta on GitHub Actions for users with a Team, Pro, or Enterprise account.
The feature works by generating a unique key pair for each developer who opts in to NPM package signing. The developer can then use the key pair to sign their npm packages and publish them to GitHub Packages, a hosting service for npm packages.
The GitHub feature also integrates with GitHub's code scanning and secret scanning tools, which can detect vulnerabilities and secrets in npm packages. The company is now inviting organizations to test the beta and provide feedback on the package signing feature.
GitHub Actions gives developers tools to improve their projects. By leveraging Docker code containers, developers will be able to set a schedule of events. Projects can have event triggers that trigger Actions, ranging from the introduction of new code to testing channels.