Here's How The GitHub Mobile Team Ships Releases With Automation

The GitHub Mobile team published a report on Wednesday sharing how they ship releases using automation.

Shipping a mobile app is not an easy task. Before a build goes out to our users’ hands, we must make sure the end result is properly built, all written tests are passed, and any critical issues are captured by testing. Also, we compose release notes with changes since our last update. All of these tasks can be quite time-consuming.

GitHub Fixes NPM Bugs That Leaked Private Package Names

GitHub has fixed several flaws with npm packages that leaked private names and let attackers publish new versions of a package they didn’t have rights to.

The data leak was identified by GitHub on October 26th and by the 29th, all records containing private package names were deleted from the npm’s replication database. Although, GitHub does warn that despite this, the service is consumed by third parties who may, therefore, continue to retain a copy or “may have replicated the data elsewhere.”

GitHub No Longer Accepts Passwords, Use Security Keys Instead

GitHub will no longer accept passwords when authenticating Git operations and will require the use of strong authentication factors. Yubico also posted about the announcement here, and its 2FA hardware keys are an acceptable solution for GitHub users.

In December, we announced that beginning August 13, 2021, GitHub will no longer accept account passwords when authenticating Git operations and will require the use of strong authentication factors, such as a personal access token, SSH keys (for developers), or an OAuth or GitHub App installation token (for integrators) for all authenticated Git operations on With the August 13 sunset date behind us, we no longer accept password authentication for Git operations.

New Features in GitHub Issues for Planning and Tracking

New beta features within GitHub Issues help development teams improve their planning and tracking.

Today, we are announcing new beta features within GitHub Issues to connect your planning directly to the work your teams are doing, and flexibly to adapt to their needs: project tables that are built like spreadsheets, custom fields, a keyboard driven command palette, improved task lists, and issue forms.

GitHub Desktop 2.9 Update Adds M1 Mac Support

GitHub Desktop was recently updated to version 2.9, and the team shared some of the new features included, such as squash and reorder commits. Users can now download a native build for their M1 Mac.

If a group of commits represents a single unit of work, or if a project requires that each pull request only has one commit, simply drag them on top of one another to squash them together and add a new commit message that captures the whole picture.

GitHub Adds Support for Security Keys Over SSH

GitHub announced on Monday that it enabled support for two-factor authentication security keys when members use them over SSH.

When used for SSH operations, security keys move the sensitive part of your SSH key from your computer to a secure external security key. SSH keys that are bound to security keys protect you from accidental private key exposure and malware. You perform a gesture, such as a tap on the security key, to indicate when you intend to use the security key to authenticate. This action provides the notion of “user presence.”