GitHub Brings Copilot To Teams And Tightens Npm Security

GitHub Strengthens Open Source With Copilot Teams Integration And Npm Security Updates

GitHub integrates Copilot into Microsoft Teams and strengthens npm security, making open source development safer and more efficient for developers and enterprises alike.

GitHub has unveiled a suite of updates aimed at enhancing developer collaboration, open source security, and enterprise management.

At the forefront is the public preview of GitHub Copilot for Microsoft Teams, which allows developers to call on the AI coding assistant directly in chat by tagging @GitHub. Users can request bug fixes, scaffold new features, improve logging, or even complete pull requests without leaving Teams. The integration is designed to reduce context switching for distributed and cross-functional teams. Access requires a Copilot Business or Enterprise subscription, with administrators enabling GitHub Copilot Enterprise features.

In parallel, GitHub is introducing critical security enhancements for npm following the discovery of Shai-Hulud, a self-replicating package that exploited weaknesses in long-lived tokens and publishing policies. According to GitHub:
“The software industry has faced a recent surge in damaging account takeovers on package registries, including npm. These ongoing attacks have allowed malicious actors to gain unauthorized access to maintainer accounts and subsequently distribute malicious software through well-known, trusted packages.”

To mitigate such risks, GitHub will enforce short-lived, granular access tokens for npm publishers, expand FIDO-based two-factor authentication, and encourage adoption of a trusted publishing model linked to CI/CD pipelines like GitHub Actions.
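As an added illustration of the trusted publishing model the article mentions (this workflow is not from GitHub's announcement), below is a minimal GitHub Actions release job that publishes to npm using a short-lived OIDC token instead of a stored long-lived npm token; the package, tag pattern and Node version are constructed placeholders, and the trusted-publisher binding for the repository and workflow is assumed to have been configured in the package's settings on npmjs.com.

```yaml
# Added example: npm trusted publishing from GitHub Actions (not from the article).
name: publish
on:
  push:
    tags: ['v*']          # constructed: release on version tags

permissions:
  contents: read
  id-token: write         # lets the job mint a short-lived OIDC token for the registry

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org
      # Trusted publishing needs an npm CLI release that understands OIDC;
      # upgrading here avoids depending on the runner image's bundled version.
      - run: npm install -g npm@latest
      - run: npm ci
      - run: npm test
      # Weak pattern this replaces: a long-lived secret such as
      #   env:
      #     NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      # which, if leaked, can publish until it is revoked. With the
      # trusted-publisher binding in place no such token is needed, and
      # --provenance attaches a signed attestation of this workflow run.
      - run: npm publish --provenance --access public
```

If the binding on npmjs.com does not match the repository and workflow file name exactly, the publish step fails rather than silently falling back to a token.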

For enterprise users, GitHub is rolling out a billing enhancement that displays metered usage at the organization level starting October 1, replacing the generic “All other orgs” view. Organization-level data will be available via the billing dashboard, exported reports, and the usage API. Historical usage data will not be backfilled.

Together, these updates reinforce GitHub’s commitment to secure open source ecosystems while improving developer efficiency and enterprise transparency.
