GitHub Expands Copilot to Teams, Strengthens npm Security and Adds Enterprise Usage Tools

GitHub rolled out several updates this week aimed at developer collaboration, open source security and enterprise billing.

At the center is a new public preview of the GitHub Copilot app for Microsoft Teams. The integration lets users call on the Copilot coding agent directly inside a Teams chat by tagging @GitHub. From there, developers can request bug fixes, scaffolding for new features, improved logging or even complete pull requests without leaving Teams. The capability requires a Copilot Business or Enterprise subscription, and administrators must enable GitHub Copilot Enterprise features before it becomes available.

According to GitHub, the Teams app is intended to cut down on context switching. Instead of moving between tools, distributed and cross-functional teams can work with Copilot in the same space they already use for daily communication.

GitHub also outlined upcoming changes to npm publishing practices following the recent discovery of a self-replicating malicious package (a worm) called Shai-Hulud. It spread by abusing long-lived npm access tokens and permissive publishing policies, which let it republish itself from each compromised maintainer account into further packages and so propagate across multiple accounts.

"The software industry has faced a recent surge in damaging account takeovers on package registries, including npm," GitHub said in its announcement. "These ongoing attacks have allowed malicious actors to gain unauthorized access to maintainer accounts and subsequently distribute malicious software through well-known, trusted packages."

To address the issue, GitHub will require short-lived, granular access tokens for npm publishers and phase out older, long-lived tokens. It also plans to expand the use of FIDO-based two-factor authentication (hardware security keys and passkeys) and to encourage adoption of its trusted publishing model, in which the registry authenticates a CI/CD job, such as a GitHub Actions workflow, through a short-lived OpenID Connect identity token instead of an npm token stored as a secret.
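As an added illustration of the trusted publishing model (example code written for this page, not taken from GitHub's announcement or from npm's documentation), the following GitHub Actions workflow publishes a package without any stored npm token. The job asks for an OpenID Connect token through the `id-token: write` permission, and `npm publish` presents that identity to the registry, which issues a short-lived publish credential for that single run. The workflow file name, tag trigger and Node version are placeholders; the package's trusted publisher must first be configured on npmjs.com to point at this repository and workflow file, and the runner's npm CLI must be recent enough to support trusted publishing, which is why the workflow upgrades npm before publishing. The commented-out `NODE_AUTH_TOKEN` line shows the long-lived-token pattern that this replaces.

```yaml
# .github/workflows/publish.yml
# Example file name: it must match the workflow registered as the package's
# trusted publisher on npmjs.com.
name: Publish to npm

on:
  push:
    tags:
      - "v*"          # publish on version tags only; adjust to the release process

permissions:
  contents: read
  id-token: write     # lets the job request an OIDC token that npm exchanges for a publish credential

jobs:
  publish:
    runs-on: ubuntu-latest
    # Optional: a protected environment puts required reviewers in front of the publish step.
    # environment: npm-release
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 22                      # placeholder; pin to the project's supported release
          registry-url: https://registry.npmjs.org

      # Trusted publishing needs a recent npm CLI; the npm bundled with the runner's
      # Node release may be older than the minimum that supports it.
      - run: npm install -g npm@latest

      - run: npm ci
      - run: npm test

      # No token is passed to npm here. The long-lived-token pattern being phased out
      # would have looked like this (do not use):
      #   env:
      #     NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      # With trusted publishing, npm authenticates with the workflow's OIDC identity and
      # the registry records provenance linking the version to this workflow run.
      # --access public is only needed for the first publish of a scoped package.
      - run: npm publish --access public
```

Because the credential is minted per run and bound to this repository and workflow, a token harvested from a developer's machine, the mechanism the worm relied on, has nothing to steal here; an attacker would instead need to land a commit or tag in the repository, which branch protection and required reviewers on the release environment are there to control.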

For enterprise customers, GitHub is adding a new billing enhancement that will make usage tracking more precise. Starting Oct. 1, metered usage in GitHub Enterprise Cloud will display at the organization level instead of under a catch-all "All other orgs" category. The per-organization data will be available in the billing dashboard, exported reports and through the usage API. Past usage data will not be backfilled.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
