GitHub
2026-03-17
Dependabot can now alert on npm dependencies that match known malware advisories. When malware alerting is enabled, it checks repository npm dependencies against malicious package versions.