The platform supports a new type of token (in public beta) that lets you configure access and selectively define the rights of a specific developer or script.
Personal access tokens (PATs) provide detailed control over actions in the repository: with them you can grant only the range of tasks that is necessary to perform the work.
The GitHub blog says the company hopes this will increase the level of data security for companies and developers, as well as reduce the risk of attacks in the event of identity theft.
At the same time, existing tokens will continue to be supported, so there will be two types of tokens on GitHub:
Classic – individual tokens that give access to all repositories and organizations that a user can access. The validity period of such tokens is not limited.
PATs – improved tokens that give granular access to a specific list of organizations and repositories. Each permission can be set to no access, read, or read and write. For example, the project owner can allow work in read-only mode. You can limit the validity period of PATs.
You can read more about creating and using PATs in the GitHub documentation. As a reminder, the two-factor authentication system in npm was updated on the platform earlier and became mandatory for everyone; this was also done to protect against account hacking.